Description
My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash.
Published: 2026-05-16
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow that causes a denial of service by crashing the application when an attacker creates a note containing an excessively long string. By replicating a payload of 350,000 characters and inserting it twice, the application crashes, disrupting availability for all users.

Affected Systems

My Notes Safe version 5.3 installed on any platform where the application runs. The impacted vendor is My Notes Safe by my-notes-safe, as recorded by the CNA. No specific operating system or platform is listed, so all supported environments for My Notes Safe 5.3 are potentially affected.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity denial of service. EPSS information is not available, so the exploit probability cannot be quantified. It is not listed in CISA KEV. Attackers can trigger the crash by submitting a single new note with duplicated large payloads, and based on the description the attack vector is inferred to be local or remote depending on the system’s access controls. A successful exploit would interrupt service for all users but does not compromise confidentiality or integrity.

Generated by OpenCVE AI on May 16, 2026 at 16:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade My Notes Safe to a patched version that fixes the buffer overflow.
  • If an update is unavailable, configure the application or underlying web server to enforce a maximum length on note fields to prevent excessively large inputs.
  • Monitor application logs and uptime metrics for signs of interruption; restart the application if a crash occurs.

Generated by OpenCVE AI on May 16, 2026 at 16:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 16 May 2026 15:45:00 +0000

Type Values Removed Values Added
Description My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash.
Title My Notes Safe 5.3 Denial of Service via Buffer Overflow
Weaknesses CWE-789
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-16T15:26:12.042Z

Reserved: 2026-05-16T14:31:05.004Z

Link: CVE-2021-47971

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-16T16:16:22.463

Modified: 2026-05-16T16:16:22.463

Link: CVE-2021-47971

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-16T17:00:13Z

Weaknesses