Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WRN] [CVE-2019-6799] Malformed version: [6.20.35 188 17] #3950

Closed
xgt6op opened this issue Jul 19, 2023 · 4 comments · Fixed by #3984
Closed

[WRN] [CVE-2019-6799] Malformed version: [6.20.35 188 17] #3950

xgt6op opened this issue Jul 19, 2023 · 4 comments · Fixed by #3984
Assignees
@tarunKoyalwar
Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Milestone
nuclei v2.9.10

Comments

@xgt6op
Copy link

xgt6op commented Jul 19, 2023
edited by ehsandeep
Loading

I ran nuclei on subdomains list and the command was
nuclei -l live_subdomains -es info -t /home/xgt6op/nuclei-templates/http/cves/2019/CVE-2019-6799.yaml -o output2.txt

And got this error

                    __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.9

		projectdiscovery.io

[INF] Supplied input was automatically deduplicated (181 removed).
[INF] Current nuclei version: v2.9.9 (latest)
[INF] Current nuclei-templates version: v9.5.8 (latest)
[INF] New templates added in latest release: 113
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 439
[INF] Using Interactsh Server: oast.site
[WRN] [CVE-2019-6799] Malformed version: [6.20.35 188 17]
[WRN] [CVE-2019-6799] Malformed version: [6.20.35 188 17]
[WRN] [CVE-2019-6799] Malformed version: [6.20.35 188 17]
[WRN] [CVE-2019-6799] Malformed version: [17 6.20.35 188]
[WRN] [CVE-2019-6799] Malformed version: [6.20.35 188 17]
[WRN] [CVE-2019-6799] Malformed version: [6.20.35 188 17]
[WRN] [CVE-2019-6799] Malformed version: [488 2960455 710 2 73823375]
[WRN] [CVE-2019-6799] Malformed version: [488 2960455 710 2 73823375]
[WRN] [CVE-2019-6799] Malformed version: [710 2 73823375 488 2960455]
[WRN] [CVE-2019-6799] Malformed version: [2 73823375 488 2960455 710]
[WRN] [CVE-2019-6799] Malformed version: [2 73823375 488 2960455 710]

So is there any problem with my nuclei or my templates

see #3949 for more information.
@xgt6op xgt6op added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Jul 19, 2023
@MetzinAround
Copy link
Contributor

I noticed you had an issue and a discussion. I'll go ahead and close this issue and keep the discussion for now. Thanks!

#3949

@ehsandeep ehsandeep reopened this Jul 21, 2023
@Mzack9999
Copy link
Member

Mzack9999 commented Jul 21, 2023
edited
Loading

Note: most likely, it's the dsl helper compare_versions receiving invalid values due to faulty regexes extracting invalid versions. While the warning can be ignored, the regexes extracting versions from various templates should be improved:

CVE-2019-12616
CVE-2019-6799
...

@tarunKoyalwar
Copy link
Member

as you mentioned @Mzack9999 this is because of parsing error in compare_versions . i tried to create new regex for extracting semver version . which doesnot seem possible without false positives if we want to allow versions like (v1 , v1.8)

since these is not actual deciding factor for template . we can supress/hide parsing errors in compare_version dsl function what do you think @ehsandeep @Mzack9999

This was referenced Jul 26, 2023
Closed
Closed
Merged
@tarunKoyalwar tarunKoyalwar linked a pull request Jul 26, 2023 that will close this issue
ignore version parsing error #3984
Merged
@tarunKoyalwar tarunKoyalwar mentioned this issue Jul 26, 2023
Merged
@ehsandeep ehsandeep added this to the nuclei v2.9.10 milestone Jul 26, 2023
@tarunKoyalwar tarunKoyalwar mentioned this issue Jul 28, 2023
Closed
@ehsandeep ehsandeep added the Status: Completed Nothing further to be done with this issue. Awaiting to be closed. label Jul 28, 2023
@ehsandeep
Copy link
Member

@xgt6op This is now fixed with the latest release - https://github.com/projectdiscovery/nuclei/releases/tag/v2.9.10

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tarunKoyalwar tarunKoyalwar

Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
nuclei v2.9.10
Development

Successfully merging a pull request may close this issue.

ignore version parsing error projectdiscovery/nuclei
5 participants
@ehsandeep @Mzack9999 @tarunKoyalwar @MetzinAround @xgt6op