CVE-2021-47798
Published: 16 January 2026
Summary
CVE-2021-47798 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in NoteBurner (inferred from references). Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It is ranked at the 30.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions).
Deeper analysis
CVE-2021-47798 is a buffer overflow vulnerability in NoteBurner version 2.35, affecting the license code input fields labeled 'Name' and 'Code'. This issue, mapped to CWE-120, allows attackers to trigger a crash via oversized input and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to its potential for high confidentiality, integrity, and availability impacts.
The vulnerability can be exploited by an attacker who generates a 6000-byte payload and pastes it into the 'Name' and 'Code' fields, causing a buffer overflow that crashes the NoteBurner application and results in a denial-of-service condition. Exploitation requires no privileges and is rated as low complexity, with network vector accessibility per the CVSS score.
Advisories and references include a proof-of-concept on Exploit-DB at https://www.exploit-db.com/exploits/50154, a VulnCheck advisory on the NoteBurner denial-of-service PoC at https://www.vulncheck.com/advisories/noteburner-denial-of-service-dos-poc, and the vendor site at https://www.noteburner.com/. No specific patches or mitigation steps are detailed in the provided information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3031
Vulnerability details
NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application crash.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in license input fields directly enables application crash leading to DoS, matching T1499.004 Application or System Exploitation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Implements input validation on license 'Name' and 'Code' fields to reject oversized payloads, directly preventing the buffer overflow crash.
Enforces input restrictions such as maximum byte length on license fields to block 6000-byte payloads from triggering the buffer overflow.
Provides memory protections like stack guards and non-executable memory to mitigate exploitation consequences of the buffer overflow vulnerability.
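A sketch of the length restriction and input validation described in the controls above, added here as an example; it is not NoteBurner's code. The field limits (64 and 128 bytes), the control-character rule, and all type and function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limits: the page does not give NoteBurner's real buffer sizes. */
#define LIC_NAME_MAX 64
#define LIC_CODE_MAX 128
enum field_status { FIELD_OK, FIELD_EMPTY, FIELD_TOO_LONG, FIELD_BAD_CHAR };
struct license_form { char name[LIC_NAME_MAX + 1]; char code[LIC_CODE_MAX + 1]; };

/* Copy len bytes of src (need not be NUL-terminated) into dst only if they fit
 * with a terminator. Oversized input is rejected, never silently truncated. */
static enum field_status store_field(char *dst, size_t cap, const char *src, size_t len)
{
    if (len == 0) return FIELD_EMPTY;
    if (len >= cap) return FIELD_TOO_LONG;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c < 0x20 || c == 0x7f) return FIELD_BAD_CHAR; /* control bytes, incl. NUL */
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return FIELD_OK;
}

/* Fill *form only when both fields pass; it is left untouched on failure. */
enum field_status submit_license(struct license_form *form, const char *name,
                                 size_t name_len, const char *code, size_t code_len)
{
    struct license_form tmp = {0};
    enum field_status st = store_field(tmp.name, sizeof tmp.name, name, name_len);
    if (st == FIELD_OK) st = store_field(tmp.code, sizeof tmp.code, code, code_len);
    if (st == FIELD_OK) *form = tmp;
    return st;
}

/* Constructed input: the 6000-byte paste size the advisory mentions. */
enum field_status demo_oversized(struct license_form *form)
{
    static char big[6000];
    memset(big, 'A', sizeof big);
    return submit_license(form, big, sizeof big, big, sizeof big);
}

int main(void)
{
    struct license_form form = {0};
    printf("6000-byte paste: %d\n", demo_oversized(&form));
    printf("normal input:    %d\n", submit_license(&form, "Alice", 5, "ABCD-1234", 9));
}
```

The caller passes the byte count reported by the input control rather than relying on `strlen`, so the check happens before any copy into a fixed-size buffer.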