
Extract interesting data from CVE and other vulnerabilities body #551


Open
pombredanne opened this issue Sep 15, 2021 · 6 comments

@pombredanne
Member

We should extract interesting data from CVE and other vulnerabilities body. This is based on this research https://rp.os3.nl/2020-2021/p06/report.pdf and https://rp.os3.nl/2020-2021/p06/presentation.pdf by Bart van Dongen and @armijnhemel
See also for related projects https://rp.os3.nl/2020-2021/index.html

For instance, in https://nvd.nist.gov/vuln/detail/CVE-2020-0002 we have a description chock-full of unstructured data, with clues of file name, function name and various Android versions and Android IDs:

Description

In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711

Here for instance we could extract a cross reference between the Android ID and the actual advisory which is in https://source.android.com/security/bulletin/2020-01-01

See also:


@armijnhemel
Contributor

Paths should be fairly easy to extract using textcode.


@armijnhemel
Contributor

To expand on this a bit more, there are certain identifiers I would be very interested in. One of those is searching by chipset. There are CVEs that contain chipset numbers, for example CVE-2021-41788:

MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle attempts at Wi-Fi authentication flooding. (Affected Chipsets MT7603E, MT7612, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0).

This information is not recorded anywhere else in the CVE (but it is mentioned in some of the references). I know that this isn't specific to a single package or package version, but it is useful information to have nonetheless.

Another one would be SDK/BSP:

CVE-2022-29558
CVE-2021-35393

or various keywords, such as UPnP, or program names (for examples of both see CVE-2021-35393).

I could help assemble lists of keywords that are interesting to me.
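
An added illustration, not part of the thread and not code from VulnerableCode or the scripts linked here: pulling the function name, file name, Android versions, Android ID and chipset list out of the two descriptions quoted above (CVE-2020-0002 and CVE-2021-41788). The regular expressions are assumptions derived only from those two samples, and the function and dictionary key names are hypothetical.

```python
import re

# Descriptions quoted in this thread (CVE-2020-0002 and CVE-2021-41788).
CVE_2020_0002 = (
    "In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds "
    "write due to a use after free. This could lead to remote code execution "
    "with no additional execution privileges needed. User interaction is needed "
    "for exploitation Product: Android Versions: Android-8.0, Android-8.1, "
    "Android-9, and Android-10 Android ID: A-142602711"
)
CVE_2021_41788 = (
    "MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and "
    "other devices, mishandle attempts at Wi-Fi authentication flooding. "
    "(Affected Chipsets MT7603E, MT7612, MT7613, MT7615, MT7622, MT7628, "
    "MT7629, MT7915; Affected Software Versions 7.4.0.0)."
)

# Assumed patterns, derived only from the two samples above.
FUNC_IN_FILE = re.compile(r"\bIn (?P<function>[A-Za-z_]\w*) of (?P<file>[\w./+-]+\.[A-Za-z]{1,4})\b")
ANDROID_VERSION = re.compile(r"\bAndroid-(\d+(?:\.\d+)*)")
ANDROID_ID = re.compile(r"\bA-\d+\b")
AFFECTED_CLAUSE = re.compile(r"Affected (Chipsets|Software Versions) ([^;)]+)")


def extract_clues(description):
    """Return a dict of structured clues found in one free-text CVE description."""
    clues = {
        "function": None, "file": None,
        "android_versions": ANDROID_VERSION.findall(description),
        "android_ids": ANDROID_ID.findall(description),
        "chipsets": [], "software_versions": [],
    }
    match = FUNC_IN_FILE.search(description)
    if match:
        clues.update(match.groupdict())
    for label, items in AFFECTED_CLAUSE.findall(description):
        key = label.lower().replace(" ", "_")  # "chipsets" / "software_versions"
        clues[key] = [item.strip() for item in items.split(",") if item.strip()]
    return clues


if __name__ == "__main__":
    for name, text in (("CVE-2020-0002", CVE_2020_0002), ("CVE-2021-41788", CVE_2021_41788)):
        print(name, extract_clues(text))
```

Descriptions that phrase these fields differently will simply yield empty values, so the output is a set of search clues rather than authoritative affected-product data.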

@armijnhemel
Contributor

First shot at this: https://github.com/armijnhemel/compliance-scripts/tree/cve_extract_paths/cve

I updated the scripts here to the V5 JSON format.

@armijnhemel
Contributor

Relevant in this context: https://github.com/armijnhemel/devicecode
