CVE-2021-47877
Unknown Unknown - Not Provided
Denial of Service via Buffer Overflow in GeoGebra

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: VulnCheck

Description
GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8000 repeated characters to overwhelm the input field and cause the application to become unresponsive.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-01-21
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47877
EUVD
EUVD-2026-3645
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
geogebra graphing_calculator 6.0.631.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47877 is a denial of service vulnerability in GeoGebra Graphing Calculator version 6.0.631.0. It occurs when an attacker inputs an oversized bufferβ€”specifically, a payload of 8,000 repeated charactersβ€”into the application's input field. This overwhelms the input handling, causing the application to become unresponsive and crash. [1, 2]

Impact Analysis

This vulnerability can cause the GeoGebra Graphing Calculator application to crash and become unresponsive, resulting in a denial of service. This means legitimate users will be unable to use the application until it is restarted, potentially disrupting work or study that relies on the software. [1, 2]

Detection Guidance

This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the system running GeoGebra Graphing Calculator 6.0.631.0. A proof-of-concept involves generating a payload of 8000 repeated characters (e.g., 'A') and inputting it into the application's input field labeled 'Entrada...'. There are no specific network detection commands since the attack vector is local. A sample method is to use a Python script to create a file with 8000 'A's and then paste its content into the application to see if it crashes. [2]

Mitigation Strategies

Immediate mitigation steps include avoiding inputting oversized buffers (such as 8000 repeated characters) into the GeoGebra Graphing Calculator input fields. Since the vulnerability requires local user interaction, restricting access to the application and educating users not to input large repetitive data can help. Additionally, monitoring for updates or patches from GeoGebra and applying them once available is recommended. [1, 2]

Compliance Impact

The vulnerability causes a denial of service by crashing the GeoGebra Graphing Calculator application through an oversized input buffer. It does not affect confidentiality, integrity, or availability beyond the denial of service impact. There is no information indicating that this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47877. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart