Description
My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash.
Published: 2026-05-16
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow that causes a denial of service by crashing the application when an attacker creates a note containing an excessively long string. By replicating a payload of 350,000 characters and inserting it twice, the application crashes, disrupting availability for all users.

Affected Systems

My Notes Safe version 5.3 installed on any platform where the application runs. The impacted vendor is My Notes Safe by my-notes-safe, as recorded by the CNA. No specific operating system or platform is listed, so all supported environments for My Notes Safe 5.3 are potentially affected.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity denial of service. EPSS information is not available, so the exploit probability cannot be quantified. It is not listed in CISA KEV. Attackers can trigger the crash by submitting a single new note with duplicated large payloads, and based on the description the attack vector is inferred to be local or remote depending on the system’s access controls. A successful exploit would interrupt service for all users but does not compromise confidentiality or integrity.

Generated by OpenCVE AI on May 16, 2026 at 16:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade My Notes Safe to a patched version that fixes the buffer overflow.
  • If an update is unavailable, configure the application or underlying web server to enforce a maximum length on note fields to prevent excessively large inputs.
  • Monitor application logs and uptime metrics for signs of interruption; restart the application if a crash occurs.

Generated by OpenCVE AI on May 16, 2026 at 16:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 17 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared My-notes-safe
My-notes-safe my Notes Safe
Vendors & Products My-notes-safe
My-notes-safe my Notes Safe

Sat, 16 May 2026 15:45:00 +0000

Type Values Removed Values Added
Description My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash.
Title My Notes Safe 5.3 Denial of Service via Buffer Overflow
Weaknesses CWE-789
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

My-notes-safe My Notes Safe
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-18T18:50:19.752Z

Reserved: 2026-05-16T14:31:05.004Z

Link: CVE-2021-47971

cve-icon Vulnrichment

Updated: 2026-05-18T18:49:45.702Z

cve-icon NVD

Status : Deferred

Published: 2026-05-16T16:16:22.463

Modified: 2026-05-18T17:32:04.823

Link: CVE-2021-47971

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-17T17:00:38Z

Weaknesses
  • CWE-789

    Memory Allocation with Excessive Size Value