| Subject: | The last CVE entry is always lost when importing nvdcve-2.0-xxx.xml using bin/convert-nvdcve |
This module works well and fast when importing CVE from XML into Berkeley DB or querying the record. But it always miss the last CVE entry in feed-in XML. In order to verify this issue, we can put just two CVE entries into a feed-in XML(nvdcve-2.0-test.xml); a simple script is used to query the record from Berkeley DB(query_cve_by_cveid.pl)
step 1: Check the CVE information in the test feed-in file:
$grep -E 'entry.*CVE' nvdcve-2.0-test.xml
<entry id="CVE-2012-6703">
<entry id="CVE-2016-6170">
step 2: Import the CVEs in feed-in file, and check the messages:
$perl convert-nvdcve nvdcve-2.0-test.xml
processing file: nvdcve-2.0-test.xml.... 1 entries
Writing CPE URNs to disk...Done.
Writing NVD entries to disk... Done.
Writing CPE index to disk...Done.
The messages show convert-nvdcve only import 1 CVE entry into the DB.
step 3: we can try to query CVE from the db:
$perl query_cve_by_cveid.pl nvdcve-2.0.db nvdcve-2.0.idx_cpe.db CVE-2012-6703
CVE-2012-6703 Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.
$perl query_cve_by_cveid.pl nvdcve-2.0.db nvdcve-2.0.idx_cpe.db CVE-2016-6170
failed to retrieve CVE 'CVE-2016-6170': No such file or directory
at /home/zhaoqiang.zq/perl5/lib/perl5/NIST/NVD/Query.pm line 318.
So, convert-nvdcve does miss the last CVE entry in the feed-in file.
| Subject: | nvdcve-2.0-test.xml |
<?xml version='1.0' encoding='UTF-8'?>
<nvd xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1" xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2" xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:patch="http://scap.nist.gov/schema/patch/0.1" xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0" xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" nvd_xml_version="2.0" pub_date="2016-06-30T04:15:36" xsi:schemaLocation="http://scap.nist.gov/schema/patch/0.1 http://nvd.nist.gov/schema/patch_0.1.xsd http://scap.nist.gov/schema/feed/vulnerability/2.0 http://nvd.nist.gov/schema/nvd-cve-feed_2.0.xsd http://scap.nist.gov/schema/scap-core/0.1 http://nvd.nist.gov/schema/scap-core_0.1.xsd">
<entry id="CVE-2012-6703">
<vuln:vulnerable-configuration id="http://nvd.nist.gov/">
<cpe-lang:logical-test operator="OR" negate="false">
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6:rc5"/>
</cpe-lang:logical-test>
</vuln:vulnerable-configuration>
<vuln:vulnerable-software-list>
<vuln:product>cpe:/o:linux:linux_kernel:3.6:rc5</vuln:product>
</vuln:vulnerable-software-list>
<vuln:cve-id>CVE-2012-6703</vuln:cve-id>
<vuln:published-datetime>2016-06-29T10:10:00.130-04:00</vuln:published-datetime>
<vuln:last-modified-datetime>2016-06-29T13:56:11.873-04:00</vuln:last-modified-datetime>
<vuln:cvss>
<cvss:base_metrics>
<cvss:score>7.2</cvss:score>
<cvss:access-vector>LOCAL</cvss:access-vector>
<cvss:access-complexity>LOW</cvss:access-complexity>
<cvss:authentication>NONE</cvss:authentication>
<cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
<cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
<cvss:availability-impact>COMPLETE</cvss:availability-impact>
<cvss:source>http://nvd.nist.gov</cvss:source>
<cvss:generated-on-datetime>2016-06-29T13:40:35.073-04:00</cvss:generated-on-datetime>
</cvss:base_metrics>
</vuln:cvss>
<vuln:references xml:lang="en" reference_type="PATCH">
<vuln:source>CONFIRM</vuln:source>
<vuln:reference href="https://www.kernel.org/pub/linux/kernel/next/patch-v3.6-rc6-next-20120917.xz" xml:lang="en">https://www.kernel.org/pub/linux/kernel/next/patch-v3.6-rc6-next-20120917.xz</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
<vuln:source>CONFIRM</vuln:source>
<vuln:reference href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b35cc8225845112a616e3a2266d2fde5ab13d3ab" xml:lang="en">http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b35cc8225845112a616e3a2266d2fde5ab13d3ab</vuln:reference>
</vuln:references>
<vuln:summary>Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.</vuln:summary>
</entry>
<entry id="CVE-2016-6170">
<vuln:vulnerable-configuration id="http://nvd.nist.gov/">
<cpe-lang:logical-test operator="OR" negate="false">
<cpe-lang:fact-ref name="cpe:/a:isc:bind:9.11.0:b1"/>
<cpe-lang:fact-ref name="cpe:/a:isc:bind:9.0"/>
</cpe-lang:logical-test>
</vuln:vulnerable-configuration>
<vuln:vulnerable-software-list>
<vuln:product>cpe:/a:isc:bind:9.10.4</vuln:product>
<vuln:product>cpe:/a:isc:bind:9.3.0:rc1</vuln:product>
</vuln:vulnerable-software-list>
<vuln:cve-id>CVE-2016-6170</vuln:cve-id>
<vuln:published-datetime>2016-07-06T10:59:05.597-04:00</vuln:published-datetime>
<vuln:last-modified-datetime>2016-07-09T21:59:01.293-04:00</vuln:last-modified-datetime>
<vuln:cvss>
<cvss:base_metrics>
<cvss:score>4.0</cvss:score>
<cvss:access-vector>NETWORK</cvss:access-vector>
<cvss:access-complexity>LOW</cvss:access-complexity>
<cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
<cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
<cvss:integrity-impact>NONE</cvss:integrity-impact>
<cvss:availability-impact>PARTIAL</cvss:availability-impact>
<cvss:source>http://nvd.nist.gov</cvss:source>
<cvss:generated-on-datetime>2016-07-07T19:02:30.127-04:00</cvss:generated-on-datetime>
</cvss:base_metrics>
</vuln:cvss>
<vuln:cwe id="CWE-20"/>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MLIST</vuln:source>
<vuln:reference href="https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html" xml:lang="en">[dns-operations] 20160706 DNS activities in Japan</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MLIST</vuln:source>
<vuln:reference href="http://www.openwall.com/lists/oss-security/2016/07/06/3" xml:lang="en">[oss-security] 20160706 Malicious primary DNS servers can crash secondaries</vuln:reference>
</vuln:references>
<vuln:summary>ISC BIND through 9.10.4-P1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.</vuln:summary>
</entry>
</nvd>
| Subject: | query_cve_by_cveid.pl |
use NIST::NVD::Query;
my ( $path_to_db, $path_to_idx_cpe, $cve_id ) = @ARGV;
my $q = NIST::NVD::Query->new(
database => $path_to_db,
idx_cpe => $path_to_idx_cpe
);
my $entry = $q->cve( cve_id => $cve_id );
push( @entry, $entry );
print "$entry->{'vuln:cve-id'}\t";
print "$entry->{'vuln:summary'}\n";