Description
Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can paste large payloads of repeated characters into note fields to trigger application crashes and make the application stop responding.
Published: 2026-05-16
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Sticky Notes & Color Widgets 1.4.2 has a denial of service flaw that triggers a crash when a note contains an excessively long string of characters. By pasting large repeated payloads into the note fields, an attacker can cause the application to become unresponsive, preventing legitimate users from creating or accessing notes. The weakness is a classic memory or resource exhaustion vulnerability, classified as CWE-789.

Affected Systems

The vulnerability affects the Sticky Notes & Color Widgets application, version 1.4.2. No other versions or products were identified in the current report, so the scope is limited to that specific release.

Risk and Exploitability

With a CVSS score of 8.7, the flaw is considered high severity. The EPSS score is not available, and the issue is not listed in CISA's KEV catalog, indicating no widely observed exploits at this time. Exploitation likely requires the attacker to be able to enter data into the application, either as a local user or through a remote interface if one exists. Because the application is not hardened against overly large inputs, the vulnerability is exploitable with minimal effort once the attacker can supply input.

Generated by OpenCVE AI on May 16, 2026 at 16:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Sticky Notes & Color Widgets to a version that enforces a limit on note length or that contains the vendor patch addressing the issue.
  • Implement or enforce input validation to restrict the maximum number of characters allowed in a note, thereby preventing runaway allocations.
  • Configure the application or host environment to automatically restart the service upon crash and monitor logs for repeated crashes to detect exploitation attempts.


Advisories

No advisories yet.

History

Sat, 16 May 2026 15:45:00 +0000

Type | Values Removed | Values Added
Description | | Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can paste large payloads of repeated characters into note fields to trigger application crashes and make the application stop responding.
Title | | Sticky Notes & Color Widgets 1.4.2 Denial of Service
Weaknesses | | CWE-789
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-16T15:26:12.858Z

Reserved: 2026-05-16T14:31:35.596Z

Link: CVE-2021-47972

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-16T16:16:22.587

Modified: 2026-05-16T16:16:22.587

Link: CVE-2021-47972

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-16T17:00:13Z

Weaknesses