Primary

Context

Sticky Notes Widget Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Sticky Notes Widget version 3.0.6. This issue allows attackers to crash the application by pasting extremely long character strings into note fields. On iOS devices, the application can be made to crash by pasting a payload of 350,000 repeated characters twice into a new note.

Impact

Exploitation of this vulnerability causes the application to crash, disrupting the user's ability to use the Sticky Notes Widget.

Reproduction

To reproduce this vulnerability, open the Sticky Notes Widget application on an iOS device. Create a new note and run a Python script that generates a text file containing 350,000 repeated characters. Copy the contents of this file and paste it twice into the new note. The application will crash, demonstrating the denial-of-service condition.

Added: May 16, 2026, 4:23 PM

Updated: May 16, 2026, 4:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

0.0

relevance

8.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

0.0

relevance

8.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Sticky Notes Widget Denial-of-Service Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Sticky Notes Widget

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating