PatchSiren cyber security CVE debrief
CVE-2021-47973 Exploit Db CVE debrief
CVE-2021-47973 is a denial-of-service issue reported in Sticky Notes Widget 3.0.6 on iOS. The supplied corpus says an attacker can crash the app by pasting extremely long strings into note fields, including a payload of 350,000 repeated characters pasted twice into a new note.
- Vendor: Exploit Db
- Product: Unknown
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-16
- Original CVE updated: 2026-05-16
- Advisory published: 2026-05-16
- Advisory updated: 2026-05-16
Who should care
Anyone running Sticky Notes Widget 3.0.6 on iOS, plus mobile app maintainers and support teams who need to validate input handling and reduce crash exposure.
Technical summary
The source corpus describes an input-triggered crash in note fields when the application receives excessively long pasted text. The reported reproduction pattern is a payload of 350,000 repeated characters pasted twice into a new note, which causes the app to terminate on iOS devices. NVD metadata in the corpus classifies the weakness as CWE-789 and assigns a HIGH CVSS 4.0 score; the linked disclosure materials also frame the issue as a denial of service via buffer overflow. The exact affected code path and fix status are not provided in the supplied materials.
Defensive priority
High - prioritize if you operate or support Sticky Notes Widget 3.0.6 on iOS, because oversized note content can crash the application and interrupt service even though the issue is not described as code execution.
Recommended defensive actions
- Confirm whether Sticky Notes Widget 3.0.6 is deployed or in active use on iOS devices.
- Restrict or sanitize unusually large pasted input in note fields until a vendor fix is available.
- Add strict length checks and safe string-handling controls in any affected code path.
- Test the application with oversized text inputs in a controlled QA environment to confirm whether crashes are reproducible.
- Monitor crash logs and user reports for note-field-related failures.
- If a patched version becomes available, upgrade promptly or remove the affected app version from circulation.
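One way to implement the length check from the list above, as an added example that is not code from Sticky Notes Widget or its vendor: a UITextViewDelegate that caps the total note size, so that repeated pastes are counted together rather than one at a time. The 20,000 UTF-16 unit limit and the names `NoteFieldGuard` and `allowedInsertion` are assumptions made for this example.

```swift
import UIKit

// Assumed cap for this example; the page does not state a safe note size.
let maxNoteUTF16Length = 20_000

/// Returns the part of `replacement` that fits when it replaces `range` in
/// `current`, keeping the whole note within `limit` UTF-16 units.
func allowedInsertion(current: String, range: NSRange,
                      replacement: String, limit: Int) -> String {
    let currentLength = (current as NSString).length
    // Reject ranges outside the current text (written to avoid Int overflow).
    guard range.location >= 0, range.length >= 0,
          range.location <= currentLength,
          range.length <= currentLength - range.location else { return "" }
    // Budget is computed from the resulting note, so a second paste is
    // measured against what the first paste already stored.
    let room = limit - (currentLength - range.length)
    guard room > 0 else { return "" }
    let incoming = replacement as NSString
    if incoming.length <= room { return replacement }
    // Cut on a composed-character boundary so an emoji is never split.
    let cut = incoming.rangeOfComposedCharacterSequence(at: room).location
    return incoming.substring(to: cut)
}

/// Hypothetical delegate for the note's UITextView.
final class NoteFieldGuard: NSObject, UITextViewDelegate {
    func textView(_ textView: UITextView, shouldChangeTextIn range: NSRange,
                  replacementText text: String) -> Bool {
        let current = textView.text ?? ""
        let allowed = allowedInsertion(current: current, range: range,
                                       replacement: text,
                                       limit: maxNoteUTF16Length)
        // Nothing was trimmed: let UIKit apply the edit normally.
        if allowed.utf16.count == text.utf16.count { return true }
        // Oversized: apply only the part that fits and refuse the original.
        if !allowed.isEmpty, let target = Range(range, in: current) {
            textView.text = current.replacingCharacters(in: target, with: allowed)
        }
        return false
    }
}
```

The delegate only sees interactive edits, so any path that loads or imports note text needs the same cap applied before the text reaches the view.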
Evidence notes
The corpus includes an official NVD record, the CVE record, and two external references: an Exploit-DB entry and a VulnCheck advisory URL. The description explicitly says the crash can be triggered by pasting 350,000 repeated characters twice into a new note on iOS. NVD metadata in the corpus lists CVSS v4.0 vector details and CWE-789. The vendor attribution field is low confidence and marked for review, so treat product/vendor labeling as provisional. The supplied materials do not include a patch date or remediation status.
Official resources
The supplied corpus shows the CVE record and source item published/modified on 2026-05-16. No earlier disclosure date is provided in the supplied materials.