memono Notepad Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in memono Notepad version 4.2. This issue allows attackers to crash the application by pasting extremely long character buffers into note fields. The vulnerability arises from memory allocation with excessive size values, leading to application instability. On iOS devices, the application can be forced to crash by pasting a payload of 350,000 repeated characters twice into a new note.

Impact

Exploitation of this vulnerability causes the application to crash, disrupting the user's ability to use the app effectively.

Reproduction

To reproduce this vulnerability, open memono Notepad version 4.2 on an iOS device. Create a new note and run a Python script that generates a text file containing 350,000 repeated characters. Copy the contents of this file and paste it twice into the new note. The application will crash as a result.