This repository was archived by the owner on Dec 1, 2024. It is now read-only.
This repository was archived by the owner on Dec 1, 2024. It is now read-only.
wrong CPE matching #211
Open
Description
Some otherwise valid CPE identifiers produce wrong matchings.
As an example, this match is good :
$ echo 'cpe:2.3:a:clamav:clamav:1.0.0:*:*:*:*:*:*:*' | cpe2cve -cpe=1 -cve=2 ./nvd/nvdcve-1.1-*.json.gz
cpe:2.3:a:clamav:clamav:1.0.0:*:*:*:*:*:*:* CVE-2023-20032
cpe:2.3:a:clamav:clamav:1.0.0:*:*:*:*:*:*:* CVE-2023-20052
But this one matches CVE-2021-45967 which has nothing to do with clamav :
$ echo 'cpe:2.3:a:*:clamav:1.0.0:*:*:*:*:*:*:*' | cpe2cve -cpe=1 -cve=2 ./nvd/nvdcve-1.1-*.json.gz
cpe:2.3:a:*:clamav:1.0.0:*:*:*:*:*:*:* CVE-2023-20052
cpe:2.3:a:*:clamav:1.0.0:*:*:*:*:*:*:* CVE-2021-45967
cpe:2.3:a:*:clamav:1.0.0:*:*:*:*:*:*:* CVE-2023-20032
Metadata
Metadata
Assignees
Labels
No labels