Vulnerability Details : CVE-2021-32471
Potential exploit
Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states "this vulnerability has no real-world implications."
Vulnerability category: Input validationExecute code
Products affected by CVE-2021-32471
- cpe:2.3:a:mit:universal_turing_machine:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-32471
21.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-32471
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2021-32471
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-32471
-
https://arxiv.org/abs/2105.02124
[2105.02124] Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing MachineThird Party Advisory
-
https://github.com/intrinsic-propensity/turing-machine
GitHub - intrinsic-propensity/turing-machine: A Python program implementing and exploiting the Minsky Turing machine considered in the paper "Intrinsic Propensity for Vulnerability in Computers? ArbitExploit;Third Party Advisory
Jump to