CVE-2021-32471
Last modified
CVE-2021-32471 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). EPSS estimates a 0.85% chance of exploitation in the next 30 days.
Description
Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states "this vulnerability has no real-world implications."
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mit | Universal Turing Machine | All versions |
References
- https://arxiv.org/abs/2105.02124Third Party Advisory
- https://github.com/intrinsic-propensity/turing-machineExploit, Third Party Advisory
- https://arxiv.org/abs/2105.02124Third Party Advisory
- https://github.com/intrinsic-propensity/turing-machineExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-32471?
How severe is CVE-2021-32471?
How do I fix CVE-2021-32471?
Are you affected by CVE-2021-32471?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST