CVE-2021-47876
Buffer Overflow in GeoGebra Classic Input Field Causes DoS
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| geogebra | classic | 5.0.631.0-d |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a denial of service (DoS) issue in GeoGebra Classic 5.0.631.0-d where an attacker can crash the application by entering an excessively large string into the 'Entrada:' input field (the 'Input:' bar in the English-language UI). Specifically, pasting a buffer of 800,000 repeated characters crashes the application, making it unavailable. [1]
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker with local access to the system running GeoGebra Classic can cause the application to crash by inputting a very large string. This results in a denial of service, making the application unusable until restarted, which could disrupt work or learning activities relying on the software. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the denial of service condition locally. Create a payload of 800,000 repeated characters (e.g., 'A') with a Python script or a one-line command, save it to a file, and paste the contents into the 'Entrada:' input field of GeoGebra Classic 5.0.631.0-d. If the application crashes, the vulnerability is present. For example, generate the payload with `python -c "print('A'*800000)" > payload.txt`, then open GeoGebra Classic, paste the contents of payload.txt into the input field, and observe whether the application crashes. Because a successful test crashes the application, run it against a test installation rather than one in active use. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding pasting or inputting excessively large strings (such as 800,000 repeated characters) into the 'Entrada:' input field of GeoGebra Classic 5.0.631.0-d. Restrict access to the application to trusted users only, and monitor for any unusual input activity. Since the exploit is local and requires user interaction, limiting user privileges and educating users about this issue can help reduce risk until an official patch or update is available. [1]