CVE-2021-32471
HIGHMIT Universal Turing Machine - Remote Code Execution via Crafted Input
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-32471. PoCs published by intrinsic-propensity.
AI-analyzed exploit summary This repository contains a functional implementation of a Universal Turing Machine (UTM) as described by Minsky, with a default exploit achieving arbitrary code execution. The exploit leverages the intrinsic properties of the UTM to execute arbitrary code, demonstrating the vulnerability detailed in CVE-2021-32471.
Description
Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states "this vulnerability has no real-world implications."
Exploits (1)
This repository contains a functional implementation of a Universal Turing Machine (UTM) as described by Minsky, with a default exploit achieving arbitrary code execution. The exploit leverages the intrinsic properties of the UTM to execute arbitrary code, demonstrating the vulnerability detailed in CVE-2021-32471.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H