CVE-2021-47818

7.5 HIGH

📋 TL;DR

DupTerminator 1.4.5639.37199 contains a denial of service vulnerability where attackers can crash the application by inputting a long string (8000 repeated characters) in the Excluded text box. This affects all users running the vulnerable version on Windows 10 systems.

💻 Affected Systems

Products:
  • DupTerminator
Versions: 1.4.5639.37199
Operating Systems: Windows 10
Default Config Vulnerable: ⚠️ Yes
Notes: Only the version listed above is confirmed affected; other versions may also be vulnerable, but this has not been confirmed.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete application crash requiring manual restart, potentially disrupting file deduplication operations and causing data processing delays.

🟠 Likely Case

Application becomes unresponsive and crashes, requiring user intervention to restart the program.

🟢 If Mitigated

Application remains functional with proper input validation preventing the crash.

🌐 Internet-Facing: LOW - This is a local desktop application, not typically exposed to the internet.
🏢 Internal Only: MEDIUM - While exploitation requires local access, it could be used by malicious insiders or through social engineering to disrupt legitimate users.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires local access to the application interface; payload of 8000 repeated characters triggers the crash.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider alternative software or implement workarounds.

🔧 Temporary Workarounds

Input Validation Restriction (Windows)

Limit character input length in the Excluded text box so that an overlong string cannot crash the application.

Application Sandboxing (Windows)

Run DupTerminator in a restricted environment to limit the impact of crashes.

🧯 If You Can't Patch

  • Restrict user access to DupTerminator to trusted personnel only.
  • Monitor application logs for unusual input patterns or repeated crashes.

🔍 How to Verify

Check if Vulnerable:

Check DupTerminator version in Help > About menu; if version is 1.4.5639.37199, it is vulnerable.

Check Version:

Not applicable - check via application GUI.

Verify Fix Applied:

Test by inputting 8000 repeated characters in the Excluded text box; if application doesn't crash, fix may be effective.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs
  • Windows Event Viewer entries for application failures

Network Indicators:

  • None - local application only

SIEM Query:

(EventID:1000 OR EventID:1001) AND ProcessName:'DupTerminator.exe'
