Cyber Resilience

CVE-2021-47818

Medium · Public PoC

Published: 16 January 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 4.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0003 (9.3th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-47818 is a medium-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in SourceForge (inferred from references). Its CVSS base score is 4.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked at the 9.3th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2021-47818 is a denial of service vulnerability in DupTerminator version 1.4.5639.37199. The issue allows attackers to crash the application by inputting a long character string, such as 8000 repeated characters, into the Excluded text box. This affects the application when running on Windows 10 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), corresponding to CWE-1284.

Unauthenticated attackers with network access can exploit the vulnerability due to its low attack complexity and lack of required user interaction. By supplying the oversized payload to the Excluded text box, they trigger the application to stop working, achieving a high-impact denial of service that disrupts availability without affecting confidentiality or integrity.

Advisories and related resources include the VulnCheck advisory at https://www.vulncheck.com/advisories/dupterminator-denial-of-service, a proof-of-concept exploit at https://www.exploit-db.com/exploits/49917, and the project page at https://sourceforge.net/projects/dupterminator/. No specific patches or mitigations are detailed in the available information.

Vulnerability details

DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The CVE describes remote exploitation of an input-handling flaw (long string in Excluded textbox) that directly crashes the target application, matching T1499.004 Application or System Exploitation for Endpoint Denial of Service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2021-47827 (shared CWE-1284)
CVE-2021-47831 (shared CWE-1284)
CVE-2026-25863 (shared CWE-1284)
CVE-2026-8813 (shared CWE-1284)
CVE-2021-47824 (shared CWE-1284)
CVE-2025-12664 (shared CWE-1284)
CVE-2025-65548 (shared CWE-1284)
CVE-2025-14511 (shared CWE-1284)
CVE-2021-47821 (shared CWE-1284)
CVE-2026-2597 (shared CWE-1284)

Affected Assets

SourceForge
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls (NIST 800-53 r5, AI)

Prevent: Directly prevents DoS by validating and rejecting oversized inputs like 8000-character strings in the Excluded text box.

Prevent: Protects the application against denial-of-service attacks triggered by oversized input payloads causing crashes.

Prevent: Requires identification and remediation of the specific flaw in input handling that leads to application crashes.
