Description
Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger application crash and stop functionality.
Published: 2026-05-16
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Macaron Notes 5.5 contains a buffer overflow that allows an attacker to crash the application by creating notes with an excessively long string. A payload of 350,000 repeated characters pasted into a note field triggers an overflow, causing the app to terminate unexpectedly and halt normal functionality. The vulnerability results in a local denial of service, denying legitimate users access to the notebook functionality.

Affected Systems

The vulnerable product is Macaron Notes Gear Notebook version 5.5 as distributed by macaron-notes-great-notebook. No other vendor or product versions are listed in the CNA data.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. No EPSS score is available, so the exploitation probability is unknown, but the lack of KEV listing suggests no widespread exploitation is documented. The attack requires the ability to create a note with arbitrary content—typically a local user or a remote user with note‑creation access, depending on the deployment type. The exploit triggers a buffer overflow that simply terminates the process, not taking system control.

Generated by OpenCVE AI on May 16, 2026 at 16:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a fixed release of Macaron Notes Gear Notebook that resolves the buffer overflow (consult the vendor’s update releases).
  • If no patch is available, enforce a maximum note length in the application settings or via external input filtering to reject strings exceeding a safe threshold.
  • Implement monitoring to detect unexpected application crashes and alert administrators so the issue can be addressed promptly.

Generated by OpenCVE AI on May 16, 2026 at 16:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 16 May 2026 15:45:00 +0000

Type Values Removed Values Added
Description Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger application crash and stop functionality.
Title Macaron Notes 5.5 Denial of Service via Buffer Overflow
Weaknesses CWE-789
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-16T15:26:11.249Z

Reserved: 2026-05-16T14:30:32.190Z

Link: CVE-2021-47970

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-16T16:16:22.330

Modified: 2026-05-16T16:16:22.330

Link: CVE-2021-47970

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-16T17:00:13Z

Weaknesses