sriramkandukuri/cve-fix-reporter

CVE Fix Reporter

A script to find fixes for CVE IDs by parsing the NVD website and the log of the respective git repository.

It can be used when the NVD report for a CVE ID follows a pattern that lists fix URLs, and a proper upstream git repository is available.

How to

  • Clone this repo
  • Update the config file as per its comments (no error checking is done)
    • Any invalid configuration causes an empty report.
  • Add all CVE IDs to the cveids.txt file, or to another file such as somefile.txt, and update the config to point to that file if you are not using the default.
  • Execute ./cve-fix-reporter.sh

Progress

Progress is shown on the shell as below:

./cve-reporter.sh
Processing CVE-2017-8824 [125/300]

Output

An output file named report.html is generated.

The HTML format was chosen so that the report can be copied easily into Excel or any other spreadsheet program.

Sample output

| S.No | CVEID | Description | References | Commits | Fix started From | Tags with Fix |
|---|---|---|---|---|---|---|
| 1 | CVE-2003-1604 | The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787. | http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://marc.info/?l=netfilter-devel&m=106668497403047&w=2 http://www.openwall.com/lists/oss-security/2016/01/27/9 https://bugzilla.redhat.com/show_bug.cgi?id=1303072 | | | |
| 2 | CVE-2015-8961 | The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field. | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6934da9238da947628be83635e365df41064b09b http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3 http://www.securityfocus.com/bid/94135 https://github.com/torvalds/linux/commit/6934da9238da947628be83635e365df41064b09b https://source.android.com/security/bulletin/2016-11-01.html | 6934da9238da947628be83635e365df41064b09b | v4.4-rc1 | v4.14.108 v5.4.31 |
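
The lookup behind the last three columns, as an added example that is not the repository's own script: it pulls commit ids out of the NVD reference URLs and asks a local upstream clone which tags contain them. The function names and the ./linux clone path are assumptions.

```shell
#!/bin/sh
# Added example (not the project's script); function names are hypothetical.

# Read NVD reference URLs on stdin (space or newline separated) and print each
# distinct full commit id found in cgit "commit/?id=<sha>" or GitHub
# "/commit/<sha>" links. Only 40 lowercase hex chars are accepted, so nothing
# else from the scraped page can reach git as an argument.
extract_fix_commits() {
    tr ' \t"' '\n\n\n' |
        sed -nE 's#.*(commit/\?id=|/commit/)([0-9a-f]{40}).*#\2#p' |
        awk '!seen[$0]++'
}

# Print a tag that comes after, and so contains, the commit; empty if none.
# $1 = path to the upstream clone, $2 = commit id.
first_tag_with_fix() {
    git -C "$1" describe --contains "$2" 2>/dev/null | sed 's/[~^].*$//'
}

# From the candidate tags given after the commit, print those that contain it.
# $1 = path to the upstream clone, $2 = commit id, $3... = tags to check.
tags_with_fix() {
    repo=$1 commit=$2
    shift 2
    for tag in "$@"; do
        git -C "$repo" merge-base --is-ancestor "$commit" "$tag" 2>/dev/null &&
            printf '%s\n' "$tag"
    done
    return 0
}

# References copied from sample row 2 above (CVE-2015-8961).
SAMPLE_REFS='http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6934da9238da947628be83635e365df41064b09b
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3
http://www.securityfocus.com/bid/94135
https://github.com/torvalds/linux/commit/6934da9238da947628be83635e365df41064b09b
https://source.android.com/security/bulletin/2016-11-01.html'

printf '%s\n' "$SAMPLE_REFS" | extract_fix_commits
# With a kernel clone in ./linux (assumed path), the remaining columns:
#   first_tag_with_fix ./linux 6934da9238da947628be83635e365df41064b09b
#   tags_with_fix ./linux 6934da9238da947628be83635e365df41064b09b v4.14.108 v5.4.31
```

The references of sample row 1 contain no commit-style URL, so `extract_fix_commits` prints nothing for them, which matches the empty Commits column in that row.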
