CVE-2021-47973— Sticky Notes Widget 3.0.6 Denial of Service via Buffer Overflow

Sticky Notes Widget 3.0.6 Denial of Service via Buffer Overflow

Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash on iOS devices.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

未经控制的内存分配

WordPress plugin Sticky Notes Widget 安全漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin Sticky Notes Widget 3.0.6版本存在安全漏洞，该漏洞源于允许攻击者通过粘贴超长字符串到笔记字段导致拒绝服务，攻击者可生成包含350000个重复字符的有效载荷并两次粘贴到新笔记中触发iOS设备上的

N/A

N/A