My Notes Safe Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in My Notes Safe version 5.3. This issue allows attackers to crash the application by pasting extremely long strings of characters into note fields. The vulnerability arises from memory allocation with excessive size values, leading to a buffer overflow. Exploitation involves generating a payload of 350,000 repeated characters and pasting it twice into a new note, causing the application to crash.

Impact

Exploitation of this vulnerability leads to a crash of the My Notes Safe application, causing it to stop working. This behavior is consistent with a denial-of-service condition, where the application becomes unresponsive or unavailable to the user.

Reproduction

To reproduce this vulnerability, open the My Notes Safe application and create a new note. Use a Python script to generate a payload of 350,000 repeated characters and save it to a text file. Then, copy the contents of this file and paste it twice into the new note. The application will crash as a result.