Insufficient Input Validation in Universal Turing Machine by Intrinsic Propensity
CVE-2021-32471

7.8HIGH

Key Information:

Vendor: Mit
Status: Universal Turing Machine
Vendor: CVE Published:; 10 May 2021

Badges

👾 Exploit Exists

What is CVE-2021-32471?

The Universal Turing Machine, specifically in its 1967 implementation by Intrinsic Propensity, is affected by insufficient input validation. This issue allows users to execute arbitrary code through carefully crafted input data that alters the expected behavior of the system. An example is when a tape head could end up in an unexpected location while processing inputs consisting of 'A's and 'B's instead of the intended binary '0's and '1's. Although noted that this vulnerability has no real-world implications, it is essential to be aware of such weaknesses in software design.

References

https://arxiv.org/abs/2105.02124

x_refsource_MISC

https://github.com/intrinsic-propensity/turing-machine

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2021
Vulnerability Reserved
May 7, 2021
🟡
Public PoC available
Jan 21, 2021
👾
Exploit known to exist
Jan 21, 2021

CVE-2021-32471 Data

JSON

Mit

Badges

What is CVE-2021-32471?

References

EPSS Score

CVSS V3.1

Timeline