Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2021-32471

Published: 10/05/2021 Updated: 19/05/2021
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Mit

Vulnerability Summary

Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states "this vulnerability has no real-world implications."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

Github Repositories

https://github.com/intrinsic-propensity/intrinsic-propensity.github.io

This repository contains a web page with a detailed visualization of an exploit for vulnerability CVE-2021-32471 This exploit demonstrates how carefully crafted input for a Turing machine (TM) which itself is simulated using Marvin Minsky's universal Turing machine (UTM) in fact entraps the UTM not to run the given TM (as intended) but instead to execute another TM hidden

https://github.com/intrinsic-propensity/turing-machine

A Python program implementing and exploiting the Minsky Turing machine considered in the paper "Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine" as per CVE-2021-32471 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32471)

Arbitrary Code Execution in the Universal Turing Machine This is an implementation of the Universal Turing Machine as presented in Minsky, Computation: Finite and infinite machines, 1967, Chapter 7 The default input to the simulated machine is an exploit that achieves arbitrary code execution Run the program with $ python37 minskys_turing_machinepy State 19 reading S writi

Recent Articles

Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine
The Register • Gareth Corfield • 11 May 2021

Patch your devi... oh, hang on a sec

A computer science professor from Sweden has discovered an arbitrary code execution vuln in the Universal Turing Machine, one of the earliest computer designs in history – though he admits it has "no real-world implications". In a paper published on academic repository ArXiv, Pontus Johnson, a professor at the KTH Royal Institute of Technology in Stockholm, Sweden, cheerfully explained that his findings wouldn't be exploitable in a real-world scenario because it pertained specifically to the 1...

Read more...

References

CWE-20https://github.com/intrinsic-propensity/turing-machinehttps://arxiv.org/abs/2105.02124https://nvd.nist.govhttps://github.com/intrinsic-propensity/intrinsic-propensity.github.iohttps://github.com/intrinsic-propensity/turing-machinehttps://www.theregister.co.uk/2021/05/11/turing_machine_0day_no_patch_available/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook