{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2021-47973/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2021-47973"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Sticky Notes Widget 3.0.6"],"_cs_severities":["medium"],"_cs_tags":["denial of service","ios","cve-2021-47973"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSticky Notes Widget 3.0.6 is susceptible to a denial-of-service (DoS) vulnerability identified as CVE-2021-47973. This flaw allows a remote attacker to crash the application on iOS devices. The vulnerability is triggered when the application attempts to process an overly long string pasted into a note field. Specifically, pasting a string consisting of 350,000 repeated characters twice into a new note can reliably induce the crash. This vulnerability poses a threat to application availability, as a malicious actor could exploit it to disrupt the service for legitimate users.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable instance of Sticky Notes Widget 3.0.6 running on an iOS device.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a payload consisting of a string of 350,000 repeated characters.\u003c/li\u003e\n\u003cli\u003eAttacker copies the crafted payload to the device\u0026rsquo;s clipboard.\u003c/li\u003e\n\u003cli\u003eAttacker opens the Sticky Notes Widget application.\u003c/li\u003e\n\u003cli\u003eAttacker creates a new note within the application.\u003c/li\u003e\n\u003cli\u003eAttacker pastes the payload into the new note\u0026rsquo;s text field.\u003c/li\u003e\n\u003cli\u003eAttacker pastes the payload again into the same note\u0026rsquo;s text field.\u003c/li\u003e\n\u003cli\u003eThe application attempts to process the oversized input, resulting in excessive memory allocation and a subsequent crash, denying service to the user.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2021-47973 leads to a denial-of-service condition, rendering the Sticky Notes Widget application unusable on the targeted iOS device. This can lead to data loss if a user\u0026rsquo;s notes are not properly backed up and disrupts productivity for users who rely on the application for note-taking and organization. The number of potential victims is limited to the number of users running the vulnerable version of the application.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor application logs for excessively large input strings being processed by the Sticky Notes Widget to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect suspicious process crashes related to the Sticky Notes Widget application.\u003c/li\u003e\n\u003cli\u003eConsider network-level rate limiting to mitigate DoS attacks targeting the application.\u003c/li\u003e\n\u003cli\u003eSince there are no vendor-supplied patches, consider deploying a client-side input validation mechanism.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-16T16:21:28Z","date_published":"2026-05-16T16:21:28Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2021-47973-dos/","summary":"Sticky Notes Widget 3.0.6 is vulnerable to a denial-of-service attack (CVE-2021-47973), where an attacker can crash the application on iOS devices by pasting excessively long character strings into note fields.","title":"Sticky Notes Widget Denial-of-Service Vulnerability (CVE-2021-47973)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2021-47973-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2021-47973","version":"https://jsonfeed.org/version/1.1"}