CVE-2021-47818
Published: 16 January 2026
Summary
CVE-2021-47818 is a medium-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in Sourceforge (inferred from references). Its CVSS base score is 4.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 9.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2021-47818 is a denial of service vulnerability in DupTerminator version 1.4.5639.37199. The issue allows attackers to crash the application by inputting a long character string, such as 8000 repeated characters, into the Excluded text box. This affects the application when running on Windows 10 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), corresponding to CWE-1284.
Unauthenticated attackers with network access can exploit the vulnerability due to its low attack complexity and lack of required user interaction. By supplying the oversized payload to the Excluded text box, they trigger the application to stop working, achieving a high-impact denial of service that disrupts availability without affecting confidentiality or integrity.
Advisories and related resources include the VulnCheck advisory at https://www.vulncheck.com/advisories/dupterminator-denial-of-service, a proof-of-concept exploit at https://www.exploit-db.com/exploits/49917, and the project page at https://sourceforge.net/projects/dupterminator/. No specific patches or mitigations are detailed in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2908
Vulnerability details
DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes remote exploitation of an input-handling flaw (long string in Excluded textbox) that directly crashes the target application, matching T1499.004 Application or System Exploitation for Endpoint Denial of Service.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly prevents DoS by validating and rejecting oversized inputs like 8000-character strings in the Excluded text box.
Protects the application against denial-of-service attacks triggered by oversized input payloads causing crashes.
Requires identification and remediation of the specific flaw in input handling that leads to application crashes.