author | Nicolas Graves <ngraves@ngraves.fr> | 2025-08-26 13:17:16 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2025-08-31 12:39:24 +0200 |
commit | d431f4620a4c077383e1168f932e86c99ae33834 (patch) | |
tree | 64953bdd65be8f052db0e7c430321872ed93e608 | |
parent | ad5e0fc720fe336f50315218c2e32648de606974 (diff) | |
cve: Upgrade to JSON 2.0 feeds.
Fixes guix/guix#2213. The 1.1-formatted-data is no longer available
from NIST.
* guix/cve.scm (string->date*, <cve-item>,
reference-data->cve-configuration, cpe-match->cve-configuration,
configuration-data->cve-configurations, json->cve-items,
yearly-feed-uri, cve-item->vulnerability): Upgrade to JSON 2.0 feeds
schema.
(<cve>): Remove unneeded record.
* tests/cve-sample.json: Update them. Remove CVE-2019-0005 (no value
added, lots of lines).
* tests/cve.scm (%expected-vulnerabilities): Upgrade accordingly.
(json->cve-items, vulnerabilities->lookup-proc tests): Update accordingly.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r-- | guix/cve.scm | 103 | ||||
-rw-r--r-- | tests/cve-sample.json | 2951 | ||||
-rw-r--r-- | tests/cve.scm | 67 |
3 files changed, 1766 insertions, 1355 deletions
diff --git a/guix/cve.scm b/guix/cve.scm index 6a6d8406bf..8dc293e85d 100644 --- a/guix/cve.scm +++ b/guix/cve.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2015-2021 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2025 Nicolas Graves <ngraves@ngraves.fr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -36,17 +37,11 @@ #:export (json->cve-items cve-item? - cve-item-cve + cve-item-id cve-item-configurations cve-item-published-date cve-item-last-modified-date - cve? - cve-id - cve-data-type - cve-data-format - cve-references - cve-reference? cve-reference-url cve-reference-tags @@ -68,28 +63,17 @@ ;;; Code: (define (string->date* str) - (string->date str "~Y-~m-~dT~H:~M~z")) + (string->date str "~Y-~m-~dT~H:~M:~S")) (define-json-mapping <cve-item> cve-item cve-item? json->cve-item - (cve cve-item-cve "cve" json->cve) ;<cve> - (configurations cve-item-configurations ;list of sexps + (id cve-item-id "id") ;string + (configurations cve-item-configurations ;list of sexps "configurations" configuration-data->cve-configurations) (published-date cve-item-published-date - "publishedDate" string->date*) + "published" string->date*) (last-modified-date cve-item-last-modified-date - "lastModifiedDate" string->date*)) - -(define-json-mapping <cve> cve cve? - json->cve - (id cve-id "CVE_data_meta" ;string - (cut assoc-ref <> "ID")) - (data-type cve-data-type ;'CVE - "data_type" string->symbol) - (data-format cve-data-format ;'MITRE - "data_format" string->symbol) - (references cve-references ;list of <cve-reference> - "references" reference-data->cve-references)) + "lastModified" string->date*)) (define-json-mapping <cve-reference> cve-reference cve-reference? json->cve-reference 
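Review bot: The export list keeps `cve-reference?`, `cve-reference-url` and `cve-reference-tags`, yet the only visible producer of `<cve-reference>` values is gone. The commit removes the `<cve>` record and `reference-data->cve-references`, and the new `<cve-item>` mapping has no references field. Unless something outside these hunks still builds the records, the three accessors are dead API and the advisory URLs and tags of a parsed item are no longer reachable. Either drop the exports or add a `references` field to `<cve-item>` that maps the 2.0 `"references"` array through `json->cve-reference`. Removing `cve-item-cve` and `cve-id` is also an incompatible change for out-of-tree callers and deserves a mention in the log.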
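Review bot: `string->date*` now parses with `"~Y-~m-~dT~H:~M:~S"`, which has no zone directive, so the zone offset of the result is whatever `string->date` falls back to. In Guile's SRFI-19 that is, as far as I know, the local zone of the running process, which would make `cve-item-published-date` and `cve-item-last-modified-date` depend on where the code runs. The updated sample has values such as `2019-01-15T21:29:00.760`, so the fractional part after `~S` is also left unread. If the feed times are UTC, say so in a comment and pin the offset, for example `(string->date (string-append (string-take str 19) "+0000") "~Y-~m-~dT~H:~M:~S~z")`.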
@@ -97,12 +81,6 @@ (tags cve-reference-tags ;list of strings "tags" vector->list)) -(define (reference-data->cve-references alist) - (map json->cve-reference - ;; Normally "reference_data" is always present but rejected CVEs such - ;; as CVE-2020-10020 can lack it. - (vector->list (or (assoc-ref alist "reference_data") '#())))) - (define %cpe-package-rx ;; For applications: "cpe:2.3:a:VENDOR:PACKAGE:VERSION", or sometimes ;; "cpe:2.3:a:VENDOR:PACKAGE:VERSION:PATCH-LEVEL". @@ -132,15 +110,15 @@ Return three #f values if CPE does not look like an application CPE string." (values #f #f #f)))) (define (cpe-match->cve-configuration alist) - "Convert ALIST, a \"cpe_match\" alist, into an sexp representing the package + "Convert ALIST, a \"cpeMatch\" alist, into an sexp representing the package and versions matched. Return #f if ALIST doesn't correspond to an application package." - (let ((cpe (assoc-ref alist "cpe23Uri")) + (let ((cpe (assoc-ref alist "criteria")) (starti (assoc-ref alist "versionStartIncluding")) (starte (assoc-ref alist "versionStartExcluding")) (endi (assoc-ref alist "versionEndIncluding")) (ende (assoc-ref alist "versionEndExcluding"))) - ;; Normally "cpe23Uri" is here in each "cpe_match" item, but CVE-2020-0534 + ;; Normally "criteria" is here in each "cpeMatch" item, but CVE-2020-0534 ;; has a configuration that lacks it. (and cpe (let ((vendor package version (cpe->package-identifier cpe))) @@ -156,7 +134,7 @@ package." (ende `(< ,ende)) (else version)))))))) -(define (configuration-data->cve-configurations alist) +(define (configuration-data->cve-configurations vector) "Given ALIST, a JSON dictionary for the baroque \"configurations\" element found in CVEs, return an sexp such as (\"binutils\" (< \"2.31\")) that represents matching configurations." 
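Review bot: The `let` in `cpe-match->cve-configuration` reads `"criteria"` and the four version bounds but never the `"vulnerable"` flag that every `cpeMatch` entry in the updated sample carries. As far as this hunk shows, an application CPE listed with `"vulnerable": false` would be turned into a match like any other and reported against the package. Consider guarding with `(and cpe (assoc-ref alist "vulnerable") ...)`, with a comment that entries lacking the key are then skipped as well. The function body continues outside the hunk, so confirm that no later step already filters on it.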
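Review bot: The parameter of `configuration-data->cve-configurations` is renamed to `vector`, but the docstring still opens with "Given ALIST, a JSON dictionary", and in the 2.0 schema the value is an array of configuration objects, not a dictionary. The name `vector` also shadows the standard `vector` procedure inside the body. I would write `(define (configuration-data->cve-configurations configurations)` and open the docstring with "Given CONFIGURATIONS, the JSON array found under \"configurations\" in a CVE item, or an unspecified value when the key is absent". The body runs on into the following hunks.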
@@ -165,10 +143,13 @@ element found in CVEs, return an sexp such as (\"binutils\" (< ("OR" 'or) ("AND" 'and))) + (define (maybe-vector->alist vector) + (vector->list (or (and (unspecified? vector) #()) vector #()))) + (define (node->configuration node) (let ((operator (string->operator (assoc-ref node "operator")))) (cond - ((assoc-ref node "cpe_match") + ((assoc-ref node "cpeMatch") => (lambda (matches) (let ((matches (vector->list matches))) @@ -187,28 +168,31 @@ element found in CVEs, return an sexp such as (\"binutils\" (< (else #f)))) - (let ((nodes (vector->list (assoc-ref alist "nodes")))) + (let* ((alist (maybe-vector->alist vector)) + (nodes (if (null? alist) + '() + (maybe-vector->alist (assoc-ref (car alist) "nodes"))))) (filter-map node->configuration nodes))) (define (json->cve-items json) "Parse JSON, an input port or a string, and return a list of <cve-item> records." - (let* ((alist (json->scm json)) - (type (assoc-ref alist "CVE_data_type")) - (format (assoc-ref alist "CVE_data_format")) - (version (assoc-ref alist "CVE_data_version"))) - (unless (equal? type "CVE") - (raise (condition (&message - (message "invalid CVE feed"))))) - (unless (equal? format "MITRE") - (raise (formatted-message (G_ "unsupported CVE format: '~a'") - format))) - (unless (equal? version "4.0") - (raise (formatted-message (G_ "unsupported CVE data version: '~a'") - version))) + (let ((alist (json->scm json))) + (match (assoc-ref alist "format") + ("NVD_CVE" + #t) + (format + (raise (formatted-message (G_ "unsupported CVE format: '~a'") + format)))) + (match (assoc-ref alist "version") + ("2.0" + #t) + (version + (raise (formatted-message (G_ "unsupported CVE data version: '~a'") + version)))) - (map json->cve-item - (vector->list (assoc-ref alist "CVE_Items"))))) + (map (compose json->cve-item (cut assoc-ref <> "cve")) + (vector->list (assoc-ref alist "vulnerabilities"))))) (define (version-matches? version sexp) "Return true if VERSION, a string, matches SEXP." 
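Review bot: `maybe-vector->alist` returns a plain list, not an alist, and `(or (and (unspecified? vector) #()) vector #())` takes a moment to decode. A name such as `maybe-vector->list` with the body `(if (vector? v) (vector->list v) '())` states the intent directly. It also means a feed value of an unexpected type yields an empty list rather than a `vector->list` type error, so decide whether that leniency is wanted for data fetched from the network. A one-line comment that the unspecified value is what the JSON mapping passes for a missing key would help, if that is indeed the reason for the test.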
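Review bot: Only the first element of `configurations` is read, because `(assoc-ref (car alist) "nodes")` takes the `car` and ignores the rest, while the updated sample for CVE-2019-0001 carries eight configuration objects, each with its own `nodes` array. An application CPE that sits in the second or a later object is therefore never turned into a configuration, and the affected package silently drops out of the vulnerability list. Collect the nodes of every object instead, with `(nodes (append-map (lambda (config) (maybe-vector->alist (assoc-ref config "nodes"))) alist))`. That form covers the empty case without the `null?` test, and `append-map` comes from SRFI-1, which `filter-map` already needs. A test item whose only `a` CPE is in a non-first configuration object would pin this down.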
@@ -269,7 +253,7 @@ HIDDEN-VENDORS." (define (yearly-feed-uri year) "Return the URI for the CVE feed for YEAR." (string->uri - (string-append "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-" + (string-append "https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-" (number->string year) ".json.gz"))) (define %current-year-ttl @@ -352,14 +336,13 @@ matching versions." "Return a <vulnerability> corresponding to ITEM, a <cve-item> record; return #f if ITEM does not list any configuration or if it does not list any \"a\" (application) configuration." - (let ((id (cve-id (cve-item-cve item)))) - (match (cve-item-configurations item) - (() ;no configurations - #f) - ((configs ...) - (vulnerability id - (merge-package-lists - (map cve-configuration->package-list configs))))))) + (match (cve-item-configurations item) + (() ;no configurations + #f) + ((configs ...) + (vulnerability (cve-item-id item) + (merge-package-lists + (map cve-configuration->package-list configs)))))) (define (json->vulnerabilities json) "Parse JSON, an input port or a string, and return the list of diff --git a/tests/cve-sample.json b/tests/cve-sample.json index 11b71817bb..bd7963cda5 100644 --- a/tests/cve-sample.json +++ b/tests/cve-sample.json 
@@ -1,1279 +1,1710 @@ { - "CVE_data_type" : "CVE", - "CVE_data_format" : "MITRE", - "CVE_data_version" : "4.0", - "CVE_data_numberOfCVEs" : "9826", - "CVE_data_timestamp" : "2019-10-17T07:00Z", - "CVE_Items" : [ { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-0001", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "CWE-400" - } ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "http://www.securityfocus.com/bid/106541", - "name" : "106541", - "refsource" : "BID", - "tags" : [ "Third Party Advisory", "VDB Entry" ] - }, { - "url" : "https://kb.juniper.net/JSA10900", - "name" : "https://kb.juniper.net/JSA10900", - "refsource" : "CONFIRM", - "tags" : [ "Vendor Advisory" ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2." 
- } ] - } - }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:*:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:r1-s3:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:r1-s4:*:*:*:*:*:*" - } ] - } ] - }, - "impact" : { - "baseMetricV3" : { - "cvssV3" : { - "version" : "3.0", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "attackVector" : "NETWORK", - "attackComplexity" : "HIGH", - "privilegesRequired" : "NONE", - "userInteraction" : "NONE", - "scope" : "UNCHANGED", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "availabilityImpact" : "HIGH", - "baseScore" : 5.9, - "baseSeverity" : "MEDIUM" - }, - "exploitabilityScore" : 2.2, - "impactScore" : 3.6 - }, - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "accessVector" : "NETWORK", - "accessComplexity" : "MEDIUM", - "authentication" : "NONE", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "availabilityImpact" : "COMPLETE", - "baseScore" : 7.1 + "resultsPerPage": 6, + "startIndex": 0, + "totalResults": 6, + "format": "NVD_CVE", + "version": "2.0", + "timestamp": "2025-08-23T03:01:35.4173588", + "vulnerabilities": 
[ + { + "cve": { + "id": "CVE-2019-0001", + "sourceIdentifier": "sirt@juniper.net", + "published": "2019-01-15T21:29:00.760", + "lastModified": "2024-11-21T04:16:01.113", + "vulnStatus": "Modified", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2." + }, + { + "lang": "es", + "value": "La recepción de un paquete mal formado en dispositivos MX Series con una configuración vlan dinámica puede desencadenar un bucle de recursión no controlado en el demonio de gestión de suscriptores Broadband Edge (bbe-smgd) y conducir a un alto uso de CPU y el cierre inesperado del servicio bbe-smgd. La recepción repetida del mismo paquete puede resultar en una condición de denegación de servicio (DoS) extendida para los dispositivos. Las versiones afectadas son Juniper Networks Junos OS: 16.1 en versiones anteriores a la 16.1R7-S1; 16.2 en versiones anteriores a la 16.2R2-S7; 17.1 en versiones anteriores a la 17.1R2-S10, 17.1R3; 17.2 en versiones anteriores a la 17.2R3; 17.3 en versiones anteriores a la 17.3R3-S1; 17.4 en versiones anteriores a la 17.4R2; 18.1 en versiones anteriores a la 18.1R3 y 18.2 en versiones anteriores a la 18.2R2." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], + "cvssMetricV30": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "baseScore": 7.1, + "accessVector": "NETWORK", + "accessComplexity": "MEDIUM", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.6, + "impactScore": 6.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] }, - "severity" : "HIGH", - "exploitabilityScore" : 8.6, - "impactScore" : 6.9, - "acInsufInfo" : false, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" : false + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": 
"Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-674" + } + ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-674" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:-:*:*:*:*:*:*", + "matchCriteriaId": "258A380C-1EA0-407D-B7E3-4A2E8820119C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "BBE35BDC-7739-4854-8BB8-E8600603DE9D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "2DC47132-9EEA-4518-8F86-5CD231FBFB61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "CD5A30CE-9498-4007-8E66-FD0CC6CF1836" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*", + "matchCriteriaId": "07CD1E7C-24EA-46B7-964C-C78FF64AFAE6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*", + "matchCriteriaId": "8A457C57-4A36-433D-9473-5ABC091DF316" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*", + "matchCriteriaId": "6D3E38C1-808C-4BD3-993D-F30855F5390F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s12:*:*:*:*:*:*", + "matchCriteriaId": "C2AF9C4B-23E6-485D-A115-2B728E929C6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s2:*:*:*:*:*:*", + "matchCriteriaId": "1FD11073-DC27-41F8-A6A2-7E22A062D14E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s3:*:*:*:*:*:*", + "matchCriteriaId": "2A78389E-868C-422D-9AA3-8A672DF6C2AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s4:*:*:*:*:*:*", + "matchCriteriaId": 
"85BFC22F-A6B3-4306-A28B-5D78FFA6402D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s6:*:*:*:*:*:*", + "matchCriteriaId": "99276E50-825C-4BB4-8496-1F81BDA21655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*", + "matchCriteriaId": "72194CB7-FFDC-4897-9D6E-EA3459DDDEB5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r5-s4:*:*:*:*:*:*", + "matchCriteriaId": "C88635DB-09B1-4DA1-8FC3-2F7A7E42819C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*", + "matchCriteriaId": "92F35C19-5AD2-4F98-8313-2E880714DF3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r6-s1:*:*:*:*:*:*", + "matchCriteriaId": "DF5A9D31-ED7D-4390-B46D-7E46089DB932" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*", + "matchCriteriaId": "90B94472-0E32-48AD-A690-AABB2C53CA58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*", + "matchCriteriaId": "6B4A4960-0241-4BF4-8857-8B7BE33466B6" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.2:-:*:*:*:*:*:*", + "matchCriteriaId": "9677CE18-B955-432F-BA2B-AAE3D0CA0F16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "3661BC68-6F32-447F-8D20-FD73FBBED9C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "5B6097D4-3856-4696-9A26-5B6C0FD9AD6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "84DD80BF-BF7E-447B-AA74-00B3D8036E36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "57B89EEB-222D-46AA-BC8F-4EE7E17BA7B6" + }, + { + "vulnerable": 
true, + "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s5:*:*:*:*:*:*", + "matchCriteriaId": "ECAE613D-1317-4D2E-8A61-980CD5DEAED8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s6:*:*:*:*:*:*", + "matchCriteriaId": "BAB2D63C-C966-42CA-85A9-09820D00A2D8" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:-:*:*:*:*:*:*", + "matchCriteriaId": "CC9B5CDE-3A50-4CD3-962A-FA0989939F37" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "7572C187-4D58-4E0D-A605-B2B13EFF5C6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "E34A149E-C2ED-4D86-A105-0A2775654AE7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4E0D42C4-9B4D-44F9-BC84-E7994404598B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "DE2C20D8-3C73-4B87-BA41-DBFBCA5FBA58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s3:*:*:*:*:*:*", + "matchCriteriaId": "54D887B4-D2F4-4537-8298-B98D01396F12" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s4:*:*:*:*:*:*", + "matchCriteriaId": "1C1B5AE6-A323-4744-BCA1-25E46D2D27BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s5:*:*:*:*:*:*", + "matchCriteriaId": "0AB39E2F-0D67-4FA6-84B8-36684E971002" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s6:*:*:*:*:*:*", + "matchCriteriaId": "A32C3702-48DE-47CF-B0D1-3A629676AD03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s7:*:*:*:*:*:*", + "matchCriteriaId": "B9695B3E-FCDA-4DF0-B714-8B4F87AA647D" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:juniper:junos:17.1:r2-s8:*:*:*:*:*:*", + "matchCriteriaId": "36214C23-82C8-4A3E-9FF8-04F85FF8B2B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s9:*:*:*:*:*:*", + "matchCriteriaId": "F3778643-1684-4549-A764-A1909C14B4B3" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:-:*:*:*:*:*:*", + "matchCriteriaId": "BCEE8D9C-6D64-4A9B-A74A-57A0BF4086C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "E889BF9C-BDDF-4A6A-97BB-00A097EF6D91" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "8BCF0612-AF16-4925-8E42-77734513F923" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "595987A6-D8CE-41ED-B51C-EF9CD3B47AD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s3:*:*:*:*:*:*", + "matchCriteriaId": "7B5A2205-C40B-4746-9A23-1973433FF065" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s4:*:*:*:*:*:*", + "matchCriteriaId": "CFA3526C-FF53-4823-B6AC-0BA91BFB532D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s5:*:*:*:*:*:*", + "matchCriteriaId": "AA92B7F8-705B-410F-BDA3-7C28FF51967F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*", + "matchCriteriaId": "9689695F-53EB-4B35-9072-750E7282B011" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s8:*:*:*:*:*:*", + "matchCriteriaId": "4F7CE683-5647-455B-936C-DF0D973A180A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "7D45F2C3-20FF-4A91-A440-E109B3CCE7C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s11:*:*:*:*:*:*", + 
"matchCriteriaId": "BA433E05-83F8-410D-AEB3-3A02BAB0BE0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s6:*:*:*:*:*:*", + "matchCriteriaId": "B87ECEAD-FD18-4252-8D46-F281DD4125AC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s7:*:*:*:*:*:*", + "matchCriteriaId": "C6788EE2-B0DA-470E-B72E-E8D5CCFB5259" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*", + "matchCriteriaId": "A283D32F-1CAF-4A5A-83E1-585F2801771F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "38A40E03-F915-4888-87B0-5950F75F097D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "C52E355B-DA7D-4FDE-B2D7-A3C3C9C99918" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "69FC46D4-39E2-4E2F-A1D3-1001769A7115" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "32F83E8B-A816-4F26-95F8-F0DA7F3DF426" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "2C433359-BC8B-4E69-BE74-A31EB148083A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*", + "matchCriteriaId": "BCA2976C-C84B-40D9-A806-588629BFFB13" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*", + "matchCriteriaId": "A2C7B980-033E-40AC-98C9-B252733B0F43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*", + "matchCriteriaId": "BA8D32E4-1892-46DC-9782-5466A14E18D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*", + "matchCriteriaId": "D1CAEBD2-2E46-44B5-B1D1-1DDBD450FD27" + 
} + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*", + "matchCriteriaId": "A00CA6FB-8F28-4171-B510-8DBA351E80C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "988D317A-0646-491F-9B97-853E8E208276" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "605F1AD7-5B09-44F0-9017-15AB3EEE559C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "CEDDCD30-2255-4FA9-B3E2-9E88AB6F8D80" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*", + "matchCriteriaId": "4E4EB6B0-8DB2-4199-96E4-30195D49F756" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*", + "matchCriteriaId": "204FC7B5-9CF2-4AC2-9B8D-DA48CAEA6496" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*", + "matchCriteriaId": "9D8A8E33-473A-4A40-A7B7-47086BB9012A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*", + "matchCriteriaId": "F0F65DCA-34B9-4CE8-91C9-426AAAEB4097" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*", + "matchCriteriaId": "A8B5BD93-3C11-45D5-ACF0-7C4C01106C8A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "167EEC4F-729E-47C2-B0F8-E8108CE3E985" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*", + "matchCriteriaId": "A893CCE5-96B8-44A1-ABEF-6AB9B527B2FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*", + "matchCriteriaId": 
"42203801-E2E7-4DCF-ABBB-D23A91B2A9FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*", + "matchCriteriaId": "238EC996-8E8C-4332-916F-09E54E6EBB9D" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", + "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", + "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33" + } + ] + } + ] + } + ], + "references": [ + { + "url": "http://www.securityfocus.com/bid/106541", + "source": "sirt@juniper.net", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] + }, + { + "url": "https://kb.juniper.net/JSA10900", + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/", + "source": "sirt@juniper.net" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/", + "source": "sirt@juniper.net" + }, + { + "url": "http://www.securityfocus.com/bid/106541", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] + }, + { + "url": "https://kb.juniper.net/JSA10900", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + } + ] } 
}, - "publishedDate" : "2019-01-15T21:29Z", - "lastModifiedDate" : "2019-10-09T23:43Z" - }, { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-0005", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "CWE-400" - } ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "http://www.securityfocus.com/bid/106665", - "name" : "106665", - "refsource" : "BID", - "tags" : [ "Third Party Advisory" ] - }, { - "url" : "https://kb.juniper.net/JSA10905", - "name" : "https://kb.juniper.net/JSA10905", - "refsource" : "CONFIRM", - "tags" : [ "Vendor Advisory" ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS on EX and QFX series;: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R7; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 series; 15.1X53 versions prior to 15.1X53-D591 on EX2300/EX3400 series; 16.1 versions prior to 16.1R7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2." 
- } ] - } - }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d30:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d40:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d42:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d43:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d44:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d45:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d46:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - 
"vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : 
"cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : 
"cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d210:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d230:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d234:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d55:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d57:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d58:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d59:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d590:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - 
"vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : 
"cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : 
"cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:gfx3600:-:*:*:*:*:*:*:*" - }, { - 
"vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - 
"operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.1:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.1:r1:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - } ] - }, - "impact" : { - "baseMetricV3" : { - "cvssV3" : { - "version" : "3.0", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "attackVector" : "NETWORK", - "attackComplexity" : "LOW", - "privilegesRequired" : "NONE", - "userInteraction" : "NONE", - "scope" : "UNCHANGED", - "confidentialityImpact" : "NONE", - "integrityImpact" : "LOW", - "availabilityImpact" : "NONE", - "baseScore" : 5.3, - "baseSeverity" : "MEDIUM" + { + "cve": { + "id": "CVE-2019-1010204", + "sourceIdentifier": "josh@bress.net", + "published": "2019-07-23T14:15:13.373", + "lastModified": "2024-11-21T04:18:03.163", + "vulnStatus": "Modified", + 
"cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened." + }, + { + "lang": "es", + "value": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) está afectado por: Validación incorrecta de entrada, comparación firmada / sin firmar, lectura fuera de límites. El impacto es: Denegación de servicio. El componente es: gold / fileread.cc: 497, elfcpp / elfcpp_file.h: 644. El vector de ataque es: Se debe abrir un archivo ELF con un campo de encabezado e_shoff no válido." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "baseScore": 4.3, + "accessVector": "NETWORK", + "accessComplexity": "MEDIUM", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.6, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": true + } + ] 
}, - "exploitabilityScore" : 3.9, - "impactScore" : 1.4 - }, - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "accessVector" : "NETWORK", - "accessComplexity" : "LOW", - "authentication" : "NONE", - "confidentialityImpact" : "NONE", - "integrityImpact" : "PARTIAL", - "availabilityImpact" : "NONE", - "baseScore" : 5.0 - }, - "severity" : "MEDIUM", - "exploitabilityScore" : 10.0, - "impactScore" : 2.9, - "acInsufInfo" : false, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" : false - } - }, - "publishedDate" : "2019-01-15T21:29Z", - "lastModifiedDate" : "2019-02-14T18:40Z" - }, { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-14811", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "CWE-264" - } ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html", - "name" : "openSUSE-SU-2019:2223", - "refsource" : "SUSE", - "tags" : [ ] - }, { - "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html", - "name" : "openSUSE-SU-2019:2222", - "refsource" : "SUSE", - "tags" : [ ] - }, { - "url" : "https://access.redhat.com/errata/RHBA-2019:2824", - "name" : "RHBA-2019:2824", - "refsource" : "REDHAT", - "tags" : [ ] - }, { - "url" : "https://access.redhat.com/errata/RHSA-2019:2594", - "name" : "RHSA-2019:2594", - "refsource" : "REDHAT", - "tags" : [ ] - }, { - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811", - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811", - "refsource" : "CONFIRM", - "tags" : [ "Exploit", "Issue Tracking", "Mitigation", "Patch", "Third Party Advisory" ] - }, { - "url" : 
"https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html", - "name" : "[debian-lts-announce] 20190909 [SECURITY] [DLA 1915-1] ghostscript security update", - "refsource" : "MLIST", - "tags" : [ ] - }, { - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/", - "name" : "FEDORA-2019-ebd6c4f15a", - "refsource" : "FEDORA", - "tags" : [ ] - }, { - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/", - "name" : "FEDORA-2019-0a9d525d71", - "refsource" : "FEDORA", - "tags" : [ ] - }, { - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/", - "name" : "FEDORA-2019-953fc0f16d", - "refsource" : "FEDORA", - "tags" : [ ] - }, { - "url" : "https://seclists.org/bugtraq/2019/Sep/15", - "name" : "20190910 [SECURITY] [DSA 4518-1] ghostscript security update", - "refsource" : "BUGTRAQ", - "tags" : [ ] - }, { - "url" : "https://www.debian.org/security/2019/dsa-4518", - "name" : "DSA-4518", - "refsource" : "DEBIAN", - "tags" : [ ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands." 
- } ] + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + }, + { + "lang": "en", + "value": "CWE-681" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.21", + "versionEndIncluding": "2.31.1", + "matchCriteriaId": "B1BF4DF3-4D96-4488-A1F7-38A7AF5DC725" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:binutils_gold:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.11", + "versionEndIncluding": "1.16", + "matchCriteriaId": "52A4DA53-C77B-4E9E-94E3-D7F63C44A2F6" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://security.netapp.com/advisory/ntap-20190822-0001/", + "source": "josh@bress.net", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765", + "source": "josh@bress.net", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] + }, + { + "url": "https://support.f5.com/csp/article/K05032915?utm_source=f5support&%3Butm_medium=RSS", + "source": "josh@bress.net" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20190822-0001/", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] + }, + { + "url": 
"https://support.f5.com/csp/article/K05032915?utm_source=f5support&%3Butm_medium=RSS", + "source": "af854a3a-2127-422b-91ae-364da2661108" + } + ] } }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", - "versionEndExcluding" : "9.28" - } ] - } ] - }, - "impact" : { - "baseMetricV3" : { - "cvssV3" : { - "version" : "3.0", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "attackVector" : "LOCAL", - "attackComplexity" : "LOW", - "privilegesRequired" : "NONE", - "userInteraction" : "REQUIRED", - "scope" : "UNCHANGED", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "availabilityImpact" : "HIGH", - "baseScore" : 7.8, - "baseSeverity" : "HIGH" + { + "cve": { + "id": "CVE-2019-1010180", + "sourceIdentifier": "josh@bress.net", + "published": "2019-07-24T13:15:10.997", + "lastModified": "2024-11-21T04:18:01.790", + "vulnStatus": "Modified", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet." + }, + { + "lang": "es", + "value": "GNU gdb Todas las versiones se ven afectadas por: Desbordamiento de búfer - Acceso a memoria fuera de enlace. El impacto es: Denegación de servicio, Divulgación de memoria y Posible ejecución de código. El componente es: El módulo principal de gdb. El vector de ataque es: Abra un ELF para la depuración. La versión arregladas es: Aún no está arreglada." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "baseScore": 6.8, + "accessVector": "NETWORK", + "accessComplexity": "MEDIUM", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.6, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": true + } + ] }, - "exploitabilityScore" : 1.8, - "impactScore" : 5.9 - }, - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "accessVector" : "NETWORK", - "accessComplexity" : "MEDIUM", - "authentication" : "NONE", - "confidentialityImpact" : "PARTIAL", - "integrityImpact" : "PARTIAL", - "availabilityImpact" : "PARTIAL", - "baseScore" : 6.8 - }, - "severity" : "MEDIUM", - "exploitabilityScore" : 8.6, - "impactScore" : 6.4, - "acInsufInfo" : false, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" : true - } - }, - "publishedDate" : "2019-09-03T16:15Z", - "lastModifiedDate" : "2019-09-10T03:15Z" - }, { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - 
"CVE_data_meta" : { - "ID" : "CVE-2019-17365", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "CWE-276" - } ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "http://www.openwall.com/lists/oss-security/2019/10/09/4", - "name" : "http://www.openwall.com/lists/oss-security/2019/10/09/4", - "refsource" : "MISC", - "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] - }, { - "url" : "http://www.openwall.com/lists/oss-security/2019/10/10/1", - "name" : "[oss-security] 20191010 Re: CVE-2019-17365: Nix per-user profile directory hijack", - "refsource" : "MLIST", - "tags" : [ "Third Party Advisory" ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable." - } ] + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.1", + "matchCriteriaId": "2855B0DE-972E-4536-9D6E-3C57C4253177" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493" + } + ] + } + ] + } + ], + "references": [ + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "source": "josh@bress.net", + "tags": [ + "Mailing List", + "Third Party Advisory" 
+ ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "source": "josh@bress.net", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html", + "source": "josh@bress.net", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html", + "source": "josh@bress.net", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://www.securityfocus.com/bid/109367", + "source": "josh@bress.net", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] + }, + { + "url": "https://security.gentoo.org/glsa/202003-31", + "source": "josh@bress.net", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", + "source": "josh@bress.net", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://www.securityfocus.com/bid/109367", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party 
Advisory", + "VDB Entry" + ] + }, + { + "url": "https://security.gentoo.org/glsa/202003-31", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] + } + ] } }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*", - "versionEndIncluding" : "2.3" - } ] - } ] - }, - "impact" : { - "baseMetricV3" : { - "cvssV3" : { - "version" : "3.1", - "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "attackVector" : "LOCAL", - "attackComplexity" : "LOW", - "privilegesRequired" : "LOW", - "userInteraction" : "NONE", - "scope" : "UNCHANGED", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "availabilityImpact" : "HIGH", - "baseScore" : 7.8, - "baseSeverity" : "HIGH" - }, - "exploitabilityScore" : 1.8, - "impactScore" : 5.9 - }, - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "accessVector" : "LOCAL", - "accessComplexity" : "LOW", - "authentication" : "NONE", - "confidentialityImpact" : "PARTIAL", - "integrityImpact" : "PARTIAL", - "availabilityImpact" : "PARTIAL", - "baseScore" : 4.6 + { + "cve": { + "id": "CVE-2019-14811", + "sourceIdentifier": "secalert@redhat.com", + "published": "2019-09-03T16:15:11.573", + "lastModified": "2024-11-21T04:27:24.480", + "vulnStatus": "Modified", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. 
A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands." + }, + { + "lang": "es", + "value": "Se detecto un defecto en, ghostscript en versiones anteriores a la 9.50, en el procedimiento .pdf_hook_DSC_Creator donde no aseguró adecuadamente sus llamadas privilegiadas, permitiendo que los scripts omitieran las restricciones `-dSAFER`. Un archivo PostScript especialmente diseñado podría deshabilitar la protección de seguridad y luego tener acceso al sistema de archivos o ejecutar comandos arbitrarios." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], + "cvssMetricV30": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "baseScore": 6.8, + "accessVector": "NETWORK", + "accessComplexity": "MEDIUM", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": 
"PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.6, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": true + } + ] }, - "severity" : "MEDIUM", - "exploitabilityScore" : 3.9, - "impactScore" : 6.4, - "acInsufInfo" : false, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" : false - } - }, - "publishedDate" : "2019-10-09T22:15Z", - "lastModifiedDate" : "2019-10-11T13:19Z" - }, { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-1010180", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "CWE-119" - } ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "http://www.securityfocus.com/bid/109367", - "name" : "109367", - "refsource" : "BID", - "tags" : [ "Third Party Advisory", "VDB Entry" ] - }, { - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", - "refsource" : "MISC", - "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet." 
- } ] + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-648" + } + ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.50", + "matchCriteriaId": "1F129EB4-EEB2-46F1-8DAA-E016D7EE1356" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", + "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", + "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", + "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", + "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493" + } + ] + } + ] + }, + { + "nodes": [ + 
{ + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], + "references": [ + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html", + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html", + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https://access.redhat.com/errata/RHBA-2019:2824", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:2594", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811", + "source": "secalert@redhat.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Mitigation", + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html", + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/", + "source": "secalert@redhat.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/", + "source": "secalert@redhat.com" 
+ }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/", + "source": "secalert@redhat.com" + }, + { + "url": "https://seclists.org/bugtraq/2019/Sep/15", + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https://security.gentoo.org/glsa/202004-03", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://www.debian.org/security/2019/dsa-4518", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https://access.redhat.com/errata/RHBA-2019:2824", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:2594", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking", + "Mitigation", + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + 
}, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://seclists.org/bugtraq/2019/Sep/15", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https://security.gentoo.org/glsa/202004-03", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://www.debian.org/security/2019/dsa-4518", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + } + ] } }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*" - } ] - } ] - }, - "impact" : { - "baseMetricV3" : { - "cvssV3" : { - "version" : "3.0", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "attackVector" : "LOCAL", - "attackComplexity" : "LOW", - "privilegesRequired" : "NONE", - "userInteraction" : "REQUIRED", - "scope" : "UNCHANGED", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "availabilityImpact" : "HIGH", - "baseScore" : 7.8, - "baseSeverity" : "HIGH" - }, - "exploitabilityScore" : 1.8, - "impactScore" : 5.9 - }, - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "accessVector" : "NETWORK", - "accessComplexity" : "MEDIUM", - "authentication" : "NONE", - "confidentialityImpact" : "PARTIAL", - "integrityImpact" : "PARTIAL", - "availabilityImpact" : "PARTIAL", - "baseScore" : 6.8 + { + "cve": { + "id": "CVE-2019-17365", + "sourceIdentifier": 
"cve@mitre.org", + "published": "2019-10-09T22:15:10.670", + "lastModified": "2025-01-15T14:29:23.370", + "vulnStatus": "Modified", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable." + }, + { + "lang": "es", + "value": "Nix versiones hasta 2.3, permite a usuarios locales conseguir acceso a la cuenta de un usuario arbitrario porque el directorio principal de los directorios de perfil de usuario son de tipo world writable." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 4.6, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.9, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] }, - "severity" : "MEDIUM", - "exploitabilityScore" : 8.6, - "impactScore" : 6.4, - "acInsufInfo" : false, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" 
: true - } - }, - "publishedDate" : "2019-07-24T13:15Z", - "lastModifiedDate" : "2019-08-01T15:39Z" - }, { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-1010204", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "CWE-125" - }, { - "lang" : "en", - "value" : "CWE-20" - } ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "https://security.netapp.com/advisory/ntap-20190822-0001/", - "name" : "https://security.netapp.com/advisory/ntap-20190822-0001/", - "refsource" : "CONFIRM", - "tags" : [ ] - }, { - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23765", - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23765", - "refsource" : "MISC", - "tags" : [ "Issue Tracking", "Third Party Advisory" ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened." 
- } ] + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.3", + "matchCriteriaId": "41CBEDE7-C5CA-4533-8F81-940E20658FDF" + } + ] + } + ] + } + ], + "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/09/4", + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/10/1", + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3", + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/09/4", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/10/1", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + } + ] } }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", - "versionStartIncluding" : "2.21", - "versionEndIncluding" : "2.31.1" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:gnu:binutils_gold:*:*:*:*:*:*:*:*", - "versionStartIncluding" : "1.11", - "versionEndIncluding" : "1.16" - } ] - } ] - }, - 
"impact" : { - "baseMetricV3" : { - "cvssV3" : { - "version" : "3.0", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "attackVector" : "LOCAL", - "attackComplexity" : "LOW", - "privilegesRequired" : "NONE", - "userInteraction" : "REQUIRED", - "scope" : "UNCHANGED", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "availabilityImpact" : "HIGH", - "baseScore" : 5.5, - "baseSeverity" : "MEDIUM" + { + "cve": { + "id": "CVE-2019-18192", + "sourceIdentifier": "cve@mitre.org", + "published": "2019-10-17T20:15:12.707", + "lastModified": "2024-11-21T04:32:47.937", + "vulnStatus": "Modified", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365." + }, + { + "lang": "es", + "value": "GNU Guix versión 1.0.1, permite a los usuarios locales conseguir acceso a la cuenta de un usuario arbitrario porque el directorio principal de los directorios de perfil de usuario son escribibles por todo el mundo, un problema similar a CVE-2019-17365." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 4.6, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.9, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] }, - "exploitabilityScore" : 1.8, - "impactScore" : 3.6 - }, - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "accessVector" : "NETWORK", - "accessComplexity" : "MEDIUM", - "authentication" : "NONE", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "availabilityImpact" : "PARTIAL", - "baseScore" : 4.3 - }, - "severity" : "MEDIUM", - "exploitabilityScore" : 8.6, - "impactScore" : 2.9, - "acInsufInfo" : false, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" : true + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + 
"negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:guix:1.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA9DBA1-9FDE-48F6-ACEB-8D9BFA91A4EE" + } + ] + } + ] + } + ], + "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3", + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "https://issues.guix.gnu.org/issue/37744", + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] + }, + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "https://issues.guix.gnu.org/issue/37744", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] + } + ] } - }, - "publishedDate" : "2019-07-23T14:15Z", - "lastModifiedDate" : "2019-08-22T07:15Z" - }, { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-18192", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "http://www.openwall.com/lists/oss-security/2019/10/17/3", - "name" : "[oss-security] 20191017 CVE-2019-18192: Insecure permissions on Guix profile directory", - "refsource" : "MLIST", - "tags" : [ ] - }, { - "url" : "https://issues.guix.gnu.org/issue/37744", - "name" : "https://issues.guix.gnu.org/issue/37744", - "refsource" : "MISC", - "tags" : [ ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365." 
- } ] - } - }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ ] - }, - "impact" : { }, - "publishedDate" : "2019-10-17T20:15Z", - "lastModifiedDate" : "2019-10-17T20:29Z" - } ] + } + ] } diff --git a/tests/cve.scm b/tests/cve.scm index 90ada2b647..c80059e81f 100644 --- a/tests/cve.scm +++ b/tests/cve.scm @@ -22,6 +22,8 @@ #:use-module (srfi srfi-19) #:use-module (srfi srfi-64)) +;; Generated from the 2019 database : +;; jq -M '.vulnerabilities |= map(select(.cve.id | IN("CVE-2019-14811", "CVE-2019-17365", "CVE-2019-1010180", "CVE-2019-1010204", "CVE-2019-18192", "CVE-2019-0001"))) | .totalResults = (.vulnerabilities | length) | .resultsPerPage = (.vulnerabilities | length)' (define %sample (search-path %load-path "tests/cve-sample.json")) 
@@ -31,23 +33,19 @@ (define %expected-vulnerabilities ;; What we should get when reading %SAMPLE. (list - (vulnerability "CVE-2019-0001" - ;; Only the "a" CPE configurations are kept; the "o" - ;; configurations are discarded. - '(("juniper" "junos" (or "18.2" (or "18.21-s3" "18.21-s4"))))) - (vulnerability "CVE-2019-0005" - '(("juniper" "junos" (or "18.1" "18.11")))) - ;; CVE-2019-0005 has no "a" configurations. - (vulnerability "CVE-2019-14811" - '(("artifex" "ghostscript" (< "9.28")))) - (vulnerability "CVE-2019-17365" - '(("nixos" "nix" (<= "2.3")))) - (vulnerability "CVE-2019-1010180" - '(("gnu" "gdb" _))) ;any version (vulnerability "CVE-2019-1010204" '(("gnu" "binutils" (and (>= "2.21") (<= "2.31.1"))) ("gnu" "binutils_gold" (and (>= "1.11") (<= "1.16"))))) - ;; CVE-2019-18192 has no associated configurations. + (vulnerability "CVE-2019-1010180" + '(("gnu" "gdb" (< "9.1")))) + (vulnerability "CVE-2019-14811" + '(("artifex" "ghostscript" (< "9.50")))) + (vulnerability "CVE-2019-17365" + '(("nixos" "nix" (<= "2.3")))) + (vulnerability "CVE-2019-18192" + '(("gnu" "guix" "1.0.1"))) + ;; Only the "a" CPE configurations are kept; the "o" configurations are discarded. + ;; This is why CVE-2019-0001 doesn't appear here. )) @@ -55,13 +53,12 @@ (test-equal "json->cve-items" '("CVE-2019-0001" - "CVE-2019-0005" + "CVE-2019-1010204" + "CVE-2019-1010180" "CVE-2019-14811" "CVE-2019-17365" - "CVE-2019-1010180" - "CVE-2019-1010204" "CVE-2019-18192") - (map (compose cve-id cve-item-cve) + (map cve-item-id (call-with-input-file %sample json->cve-items))) (test-equal "cve-item-published-date" 
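Review bot: None of the entries in the new `%expected-vulnerabilities` uses the any-version pattern `_` any more, because the gdb entry that used to cover it is now `(< "9.1")`. Whether the 2.0 conversion still produces `_` for an application CPE without version bounds is decided in guix/cve.scm, outside this hunk, so a regression there would pass this test and would presumably surface as missed matches in the lookup. Either keep one sample CVE whose `cpeMatch` entry has a wildcard version and no `versionStart*`/`versionEnd*` field, or record the gap in the list with a comment such as `;; FIXME: no sample entry exercises the any-version pattern '_'.`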
@@ -75,32 +72,32 @@ (call-with-input-file %sample json->vulnerabilities)) (test-equal "vulnerabilities->lookup-proc" - (list (list (third %expected-vulnerabilities)) ;ghostscript - (list (third %expected-vulnerabilities)) + (list (list (first %expected-vulnerabilities)) ;binutils + '() + (list (first %expected-vulnerabilities)) '() - (list (fifth %expected-vulnerabilities)) ;gdb - (list (fifth %expected-vulnerabilities)) + (list (second %expected-vulnerabilities)) ;gdb + (list (second %expected-vulnerabilities)) - (list (fourth %expected-vulnerabilities)) ;nix + (list (third %expected-vulnerabilities)) ;ghostscript + (list (third %expected-vulnerabilities)) '() - (list (sixth %expected-vulnerabilities)) ;binutils - '() - (list (sixth %expected-vulnerabilities)) + (list (fourth %expected-vulnerabilities)) ;nix '()) (let* ((vulns (call-with-input-file %sample json->vulnerabilities)) (lookup (vulnerabilities->lookup-proc vulns))) - (list (lookup "ghostscript") - (lookup "ghostscript" "9.27") - (lookup "ghostscript" "9.28") - (lookup "gdb") - (lookup "gdb" "42.0") - (lookup "nix") - (lookup "nix" "2.4") - (lookup "binutils" "2.31.1") + (list (lookup "binutils" "2.31.1") (lookup "binutils" "2.10") (lookup "binutils_gold" "1.11") - (lookup "binutils" "2.32")))) + (lookup "binutils" "2.32") + (lookup "gdb") + (lookup "gdb" "9.0") + (lookup "ghostscript") + (lookup "ghostscript" "9.27") + (lookup "ghostscript" "9.51") + (lookup "nix") + (lookup "nix" "2.4")))) (test-end "cve") |
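Review bot: The exclusive upper bound for ghostscript is no longer tested at the bound itself: the expectation is `(< "9.50")` but the negative lookup is `(lookup "ghostscript" "9.51")`, which would also pass if the comparison were `<=`. The old test queried the bound exactly ("9.28" against `(< "9.28")`); `(lookup "ghostscript" "9.50")` keeps that property, so that a fixed release reported as vulnerable is caught. The same holds for gdb, where only "9.0" is looked up against `(< "9.1")`. The fifth expected entry, guix at exactly "1.0.1", is never passed to `lookup`, so the exact-version match has no coverage in this test; a pair of lookups for "1.0.1" and a neighbouring version would close that.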