CVE-2021-47875
Unknown Unknown - Not Provided
Buffer Overflow in GeoGebra CAS Calculator Causes Denial of Service

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: VulnCheck

Description
GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a payload with 8000 repeated characters and paste it into the calculator's input field to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-01-21
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47875
EUVD
EUVD-2026-3615
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
geogebra cas_calculator 6.0.631.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in GeoGebra CAS Calculator 6.0.631.0 is a denial of service (DoS) issue caused by a large buffer overflow. An attacker can create a payload of 8,000 repeated characters and paste it into the calculator's input field, which causes the application to crash. This happens because the application does not properly handle excessively large input, leading to resource allocation problems and a crash. [1, 2]

Impact Analysis

The impact of this vulnerability is a denial of service, meaning the GeoGebra CAS Calculator application can be crashed and become unavailable to the user. This could disrupt work or processes relying on the calculator, especially if an attacker has local access and can trigger the crash by pasting the malicious payload. [1, 2]

Detection Guidance

This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the GeoGebra CAS Calculator version 6.0.631.0. One method is to create a payload of 8000 repeated characters (e.g., 'A') and paste it into the calculator's input field to see if the application crashes. A Python script can be used to generate this payload, such as: ```python with open('payload.txt', 'w') as f: f.write('A' * 8000) ``` Then, open the payload.txt file, copy its contents, and paste into the calculator's input field. If the application crashes, the vulnerability is present. There are no specific network detection commands since the exploit is local and requires user interaction. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the GeoGebra CAS Calculator application to trusted users only, as the exploit requires local access and user interaction. Avoid pasting or entering large inputs (such as 8000 repeated characters) into the calculator's input field. Monitoring and educating users about this vulnerability can help prevent accidental triggering. Additionally, check for any available updates or patches from the vendor that address this issue and apply them as soon as possible. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47875. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart