feat(nvd): add source, type field #349

Merged
merged 1 commit into from
Dec 8, 2023

MaineK00n
Collaborator

@MaineK00n MaineK00n commented Dec 8, 2023

What did you implement:

add source, type field

Type of change

  • New feature (non-breaking change which adds functionality)

How Has This Been Tested?

$ go-cve-dictionary server
$ curl -s http://127.0.0.1:1323/cves/CVE-2023-1194 | jq "."
{
  "CveID": "CVE-2023-1194",
  "Nvds": [
    {
      "CveID": "CVE-2023-1194",
      "Descriptions": [
        {
          "Lang": "en",
          "Value": "An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory."
        },
        {
          "Lang": "es",
          "Value": "Se encontró una falla de lectura de memoria Out-Of-Bounds (OOB) en parse_lease_state en la implementación KSMBD del servidor samba en el kernel y CIFS en el kernel de Linux. Cuando un atacante envía el comando CREATE con un payload mal formada a KSMBD, debido a una verificación faltante de `NameOffset` en la función `parse_lease_state()`, el objeto `create_context` puede acceder a memoria no válida."
        }
      ],
      "Cvss2": [],
      "Cvss3": [
        {
          "Source": "nvd@nist.gov",
          "Type": "Primary",
          "VectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "AttackVector": "NETWORK",
          "AttackComplexity": "LOW",
          "PrivilegesRequired": "LOW",
          "UserInteraction": "NONE",
          "Scope": "UNCHANGED",
          "ConfidentialityImpact": "HIGH",
          "IntegrityImpact": "NONE",
          "AvailabilityImpact": "HIGH",
          "BaseScore": 8.1,
          "BaseSeverity": "HIGH",
          "ExploitabilityScore": 2.8,
          "ImpactScore": 5.2
        },
        {
          "Source": "secalert@redhat.com",
          "Type": "Secondary",
          "VectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
          "AttackVector": "NETWORK",
          "AttackComplexity": "LOW",
          "PrivilegesRequired": "LOW",
          "UserInteraction": "NONE",
          "Scope": "UNCHANGED",
          "ConfidentialityImpact": "LOW",
          "IntegrityImpact": "NONE",
          "AvailabilityImpact": "HIGH",
          "BaseScore": 7.1,
          "BaseSeverity": "HIGH",
          "ExploitabilityScore": 2.8,
          "ImpactScore": 4.2
        }
      ],
      "Cwes": [
        {
          "Source": "nvd@nist.gov",
          "Type": "Primary",
          "CweID": "CWE-125"
        },
        {
          "Source": "secalert@redhat.com",
          "Type": "Secondary",
          "CweID": "CWE-416"
        }
      ],

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

Reference

@MaineK00n MaineK00n self-assigned this Dec 8, 2023
@MaineK00n MaineK00n marked this pull request as ready for review December 8, 2023 04:23
@MaineK00n MaineK00n merged commit 9dd0d27 into master Dec 8, 2023
5 checks passed
@MaineK00n MaineK00n deleted the MaineK00n/go-cve-dictionary branch December 8, 2023 10:19
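
A consumer of the new `Source` and `Type` fields, as an added example (not code from go-cve-dictionary): it decodes the response shape shown in the PR description, prefers the CVSS v3 entry marked `Primary`, and lists the sources whose vector disagrees with it. The function name `SelectCvss3`, the fallback policy and the trimmed sample are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Field names follow the response in the PR description; only those used are declared.
type cvss3 struct {
	Source, Type, VectorString string
	BaseScore                  float64
}

// Constructed sample: a trimmed copy of the response shown in the PR description.
const sample = `{"CveID":"CVE-2023-1194","Nvds":[{"Cvss3":[
{"Source":"nvd@nist.gov","Type":"Primary","VectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","BaseScore":8.1},
{"Source":"secalert@redhat.com","Type":"Secondary","VectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H","BaseScore":7.1}]}]}`

// SelectCvss3 returns the "Primary" CVSS v3 entry (first entry if none is marked
// Primary; a policy assumed here) and the sources whose vector differs from it.
func SelectCvss3(body []byte) (cvss3, []string, error) {
	var d struct{ Nvds []struct{ Cvss3 []cvss3 } }
	if err := json.Unmarshal(body, &d); err != nil {
		return cvss3{}, nil, err
	}
	var all []cvss3
	for _, n := range d.Nvds {
		all = append(all, n.Cvss3...)
	}
	if len(all) == 0 {
		return cvss3{}, nil, fmt.Errorf("no CVSS v3 entries in response")
	}
	chosen := all[0]
	for _, c := range all[1:] {
		if c.Type == "Primary" && chosen.Type != "Primary" {
			chosen = c
		}
	}
	var disagree []string
	for _, c := range all {
		if c.VectorString != chosen.VectorString {
			disagree = append(disagree, c.Source)
		}
	}
	return chosen, disagree, nil
}

func main() {
	fmt.Println(SelectCvss3([]byte(sample)))
}
```

A non-empty second return value means the sources disagree on the vector; in the sample the Red Hat entry rates confidentiality impact lower than the NVD entry.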