Description
Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger application crash and stop functionality.
Published: 2026-05-16
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Macaron Notes 5.5 contains a buffer overflow that allows an attacker to crash the application by creating notes with an excessively long string. A payload of 350,000 repeated characters pasted into a note field triggers an overflow, causing the app to terminate unexpectedly and halt normal functionality. The vulnerability results in a local denial of service, denying legitimate users access to the notebook functionality.

Affected Systems

The vulnerable product is Macaron Notes Gear Notebook version 5.5 as distributed by macaron-notes-great-notebook. No other vendor or product versions are listed in the CNA data.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. No EPSS score is available, so the exploitation probability is unknown, but the lack of KEV listing suggests no widespread exploitation is documented. The attack requires the ability to create a note with arbitrary content—typically a local user or a remote user with note‑creation access, depending on the deployment type. The exploit triggers a buffer overflow that simply terminates the process, not taking system control.

Generated by OpenCVE AI on May 16, 2026 at 16:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a fixed release of Macaron Notes Gear Notebook that resolves the buffer overflow (consult the vendor’s update releases).
  • If no patch is available, enforce a maximum note length in the application settings or via external input filtering to reject strings exceeding a safe threshold.
  • Implement monitoring to detect unexpected application crashes and alert administrators so the issue can be addressed promptly.

Generated by OpenCVE AI on May 16, 2026 at 16:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 17 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Macaron-notes-great-notebook
Macaron-notes-great-notebook macaron Notes Gear Notebook
Vendors & Products Macaron-notes-great-notebook
Macaron-notes-great-notebook macaron Notes Gear Notebook

Sat, 16 May 2026 15:45:00 +0000

Type Values Removed Values Added
Description Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger application crash and stop functionality.
Title Macaron Notes 5.5 Denial of Service via Buffer Overflow
Weaknesses CWE-789
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Macaron-notes-great-notebook Macaron Notes Gear Notebook
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-25T23:41:18.524Z

Reserved: 2026-05-16T14:30:32.190Z

Link: CVE-2021-47970

cve-icon Vulnrichment

Updated: 2026-05-18T16:58:13.961Z

cve-icon NVD

Status : Deferred

Published: 2026-05-16T16:16:22.330

Modified: 2026-05-18T17:32:04.823

Link: CVE-2021-47970

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-17T17:00:39Z

Weaknesses
  • CWE-789

    Memory Allocation with Excessive Size Value