Description
memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash on iOS devices.
Published: 2026-05-10
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow in memono Notepad 4.2 that lets an attacker crash the application by inserting an excessively long string into a note. Once triggered, the app terminates unexpectedly, disrupting the user’s ability to create or edit notes. This is a local denial‑of‑service flaw that could be exploited by anyone who can paste content into the Notepad UI, but it does not compromise data confidentiality or integrity.

Affected Systems

The flaw affects the memono Notepad application version 4.2 on iOS devices. No other product or version information is provided in the CVE data.

Risk and Exploitability

The CVSS score of 8.7 reflects the high impact of the crash, while the lack of an EPSS score indicates that no public exploit rate data is available. The vulnerability is not listed in the CISA KEV catalog, suggesting no widely known active exploitation. It can most likely be triggered by a simple paste action in the notarized iOS app, so an attacker needs no special privileges. The risk remains high for users who run the vulnerable version, and any device that can run the iOS app is potentially exposed.

Generated by OpenCVE AI on May 10, 2026 at 14:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update memono Notepad to the latest available version (4.3 or later) once the vendor releases a fix
  • Configure or script a rule that limits the maximum length of note text to a safe value, roughly in the 50,000‑character range, to prevent overflows
  • If possible, disable or restrict paste functionality in Notepad or monitor and filter large input payloads for malicious patterns

Generated by OpenCVE AI on May 10, 2026 at 14:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 10 May 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Memono
Memono notepad
Vendors & Products Memono
Memono notepad

Sun, 10 May 2026 13:00:00 +0000

Type Values Removed Values Added
Description memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash on iOS devices.
Title memono Notepad 4.2 Denial of Service via Buffer Overflow
Weaknesses CWE-789
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Memono Notepad
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-12T02:39:53.892Z

Reserved: 2026-02-01T11:24:18.718Z

Link: CVE-2021-47944

cve-icon Vulnrichment

Updated: 2026-05-12T02:39:49.387Z

cve-icon NVD

Status : Deferred

Published: 2026-05-10T13:16:30.760

Modified: 2026-05-13T15:30:24.603

Link: CVE-2021-47944

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-10T21:23:27Z

Weaknesses