CVE-2021-47827
Published: 16 January 2026
Summary
CVE-2021-47827 is a high-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in Apple (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, it is ranked at the 3.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
NVD Description
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field, causing the application to crash.
Deeper analysis (AI)
CVE-2021-47827 is a denial of service vulnerability in the mashREPL tool of WebSSH for iOS version 14.16.10. The issue allows attackers to crash the application by pasting malformed input, such as a 300-character buffer of repeated 'A' characters into the mashREPL input field. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-1284.
The vulnerability can be exploited by any attacker with network access, at low complexity and with no privileges or user interaction required. Exploitation crashes the WebSSH iOS application, resulting in a denial of service with high availability impact but no confidentiality or integrity effects.
Advisories and related resources include the WebSSH app page on the Apple App Store, an exploit proof-of-concept published on Exploit-DB (ID 49883), and a VulnCheck advisory detailing the WebSSH for iOS mashREPL denial of service. No specific patch or mitigation details are outlined in the provided references.
Details
- CWE(s)