CVE-2021-47875
Buffer Overflow in GeoGebra CAS Calculator Causes Denial of Service
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| geogebra | cas_calculator | 6.0.631.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GeoGebra CAS Calculator 6.0.631.0 is a denial of service (DoS) issue caused by a large buffer overflow. An attacker can create a payload of 8,000 repeated characters and paste it into the calculator's input field, which causes the application to crash. This happens because the application does not properly handle excessively large input, leading to resource allocation problems and a crash. [1, 2]
How can this vulnerability impact me?
The impact of this vulnerability is a denial of service, meaning the GeoGebra CAS Calculator application can be crashed and become unavailable to the user. This could disrupt work or processes relying on the calculator, especially if an attacker has local access and can trigger the crash by pasting the malicious payload. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the GeoGebra CAS Calculator version 6.0.631.0. One method is to create a payload of 8000 repeated characters (e.g., 'A') and paste it into the calculator's input field to see if the application crashes. A Python script can be used to generate this payload, such as:

```python
# Write 8000 repeated 'A' characters to payload.txt
with open('payload.txt', 'w') as f:
    f.write('A' * 8000)
```

Then, open the payload.txt file, copy its contents, and paste them into the calculator's input field. If the application crashes, the vulnerability is present. There are no specific network detection commands, since the exploit is local and requires user interaction. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the GeoGebra CAS Calculator application to trusted users only, as the exploit requires local access and user interaction. Avoid pasting or entering large inputs (such as 8000 repeated characters) into the calculator's input field. Monitoring and educating users about this vulnerability can help prevent accidental triggering. Additionally, check for any available updates or patches from the vendor that address this issue and apply them as soon as possible. [2]