{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2021-47944/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2021-47944"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["memono Notepad 4.2"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","ios","CVE-2021-47944"],"_cs_type":"advisory","_cs_vendors":["memono"],"content_html":"\u003cp\u003ememono Notepad version 4.2 is susceptible to a denial-of-service (DoS) vulnerability. This flaw allows a remote attacker to crash the application on iOS devices by exploiting its handling of excessively long character buffers within note fields. Specifically, an attacker can trigger this vulnerability by pasting a payload consisting of 350,000 repeated characters twice into a new note. The vulnerability, identified as CVE-2021-47944, could lead to application unavailability and disruption of service for users of the affected application. This vulnerability was reported on May 10, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a string containing 350,000 repeated characters.\u003c/li\u003e\n\u003cli\u003eThe attacker opens the memono Notepad application on an iOS device.\u003c/li\u003e\n\u003cli\u003eThe attacker creates a new note within the application.\u003c/li\u003e\n\u003cli\u003eThe attacker pastes the crafted string into the note\u0026rsquo;s text field.\u003c/li\u003e\n\u003cli\u003eThe attacker pastes the crafted string a second time into the same note\u0026rsquo;s text field.\u003c/li\u003e\n\u003cli\u003eThe application attempts to allocate memory to handle the oversized buffer.\u003c/li\u003e\n\u003cli\u003eDue to insufficient memory resources or improper buffer handling, the application crashes.\u003c/li\u003e\n\u003cli\u003eThe user experiences a denial of service as the application becomes unresponsive.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability results in a denial-of-service condition, causing the memono Notepad application to crash on the targeted iOS device. This can lead to data loss if the user has unsaved changes and disrupts the user\u0026rsquo;s ability to take or access notes using the application. While the vulnerability itself doesn\u0026rsquo;t expose sensitive data, repeated exploitation could significantly degrade the user experience and availability of the application. The number of victims is potentially high, given the popularity of note-taking applications on mobile devices.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor process crashes on iOS devices, specifically those originating from memono Notepad, to detect potential exploitation attempts (see the process crash Sigma rule below).\u003c/li\u003e\n\u003cli\u003eImplement application-level input validation to limit the size of text input accepted by memono Notepad to prevent excessively large buffer allocations.\u003c/li\u003e\n\u003cli\u003eInvestigate and patch CVE-2021-47944 in memono Notepad to prevent attackers from exploiting this vulnerability.\u003c/li\u003e\n\u003cli\u003eEducate users to avoid pasting untrusted large text payloads into applications on their iOS devices.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-10T13:21:24Z","date_published":"2026-05-10T13:21:24Z","id":"https://feed.craftedsignal.io/briefs/2026-05-memono-notepad-dos/","summary":"memono Notepad 4.2 is vulnerable to a denial-of-service attack, allowing attackers to crash the application by pasting excessively long character buffers (specifically, two pastes of 350,000 repeated characters) into note fields on iOS devices, as tracked by CVE-2021-47944.","title":"memono Notepad 4.2 Denial of Service Vulnerability (CVE-2021-47944)","url":"https://feed.craftedsignal.io/briefs/2026-05-memono-notepad-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2021-47944","version":"https://jsonfeed.org/version/1.1"}