CVE-2013-7348 and CVE-2022-3105 #204
Conversation
| note: | ||
| answer: |
There was a problem hiding this comment.
Even if it's not clear if this vulnerability is autodiscoverable, I'd still take your best shot at answering this
| adding or improving an automated test to ensure this doesn't happen again. | ||
| fix_answer: | ||
| code_answer: | ||
| reported_date: |
There was a problem hiding this comment.
Reported date can be the same as announced or published date if there's no info about it, but I see on the openwall page linked to the NVD page for this CVE that the CVE was created on March 31st 2014, so that might be something to go off of
| what your answer was. | ||
| any_stacktraces: | ||
| stacktrace_with_fix: | ||
| description: |
There was a problem hiding this comment.
Definitely try to add a short and easy-to-read description of the vulnerability!
There was a problem hiding this comment.
I agree. I think most importantly you need a straightforward what happened and what vulnerabilities resulted from it.
|
|
||
| Write a thoughtful entry here that people in the software engineering | ||
| industry would find interesting. | ||
| nickname: |
There was a problem hiding this comment.
I think this goes hand in hand with the description, try to come up with something short and clever
| serial_killer: | ||
| note: | ||
| applies: False | ||
| complex_inputs: | ||
| note: | ||
| applies: True | ||
| distrust_input: | ||
| note: | ||
| applies: True | ||
| least_privilege: | ||
| note: | ||
| applies: False | ||
| native_wrappers: | ||
| note: | ||
| applies: False | ||
| defense_in_depth: | ||
| note: | ||
| applies: False | ||
| secure_by_default: | ||
| note: | ||
| applies: False | ||
| environment_variables: | ||
| note: | ||
| applies: False | ||
| security_by_obscurity: | ||
| note: | ||
| applies: False | ||
| frameworks_are_optional: | ||
| note: | ||
| applies: False |
There was a problem hiding this comment.
I think at least one of these should probably apply, like e.g. maybe defense in depth?
| Write a note about how you came to the conclusions you did, regardless of | ||
| what your answer was. | ||
| vccs: | ||
| - note: Discovered automatically by archeogit. |
There was a problem hiding this comment.
Maybe add a short explanation of what this commit is, as well as the others in the "fixes" section that just have "manually confirmed" in the note
| vccs: | ||
| - note: Discovered automatically by archeogit. | ||
| commit: 6884c6c4bd09fb35b79a3967d15821cdfcbe77a3 | ||
| fixes: | ||
| - note: | ||
| commit: | ||
| - note: | ||
| commit: | ||
| - note: Manually confirmed | ||
| commit: 7694a7de22c53a312ea98960fcafc6ec62046531 |
There was a problem hiding this comment.
Can add some short descriptions about the commits and remove anything blank
| lessons: | ||
| yagni: | ||
| note: | ||
| applies: [distrust_input, complex_input] |
There was a problem hiding this comment.
I think yagni is a lesson itself, you'd probably just put "false" here if it doesn't apply
| what your answer was. | ||
| any_stacktraces: | ||
| stacktrace_with_fix: | ||
| description: |
There was a problem hiding this comment.
Make sure to add a description of the vulnerability here, like I mentioned in your other CVE
| what your answer was. | ||
| any_stacktraces: | ||
| stacktrace_with_fix: | ||
| description: |
There was a problem hiding this comment.
I agree. I think most importantly you need a straightforward what happened and what vulnerabilities resulted from it.
| fix_answer: | ||
| code_answer: | ||
| reported_date: | ||
| specification: |
There was a problem hiding this comment.
May have just forgot this one. The reasoning doesn't have to be too long but I do think you should have it
| CWE: | ||
| - 476 | ||
| ipc: | ||
| note: This is primarily used for communication between user-space applications and kernel-space InfiniBand (IB) and Remote Direct Memory Access (RDMA) drivers. It doesn't directly deal with inter-process communication (IPC) mechanisms such as OS signals, pipes, stdin/stdout, message passing, clipboard, or file-based IPC. |
There was a problem hiding this comment.
I think you can focus on what the vulnerability does and you don't need to reiterate IPC because we should all know what it is at this point
| CVSS: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | ||
| bugs: [2153067] | ||
| i18n: | ||
| note: It is unlikely that the vulnerabilities or issues related to this code have a direct impact on internationalization (i18n) features. Internationalization features in software are generally concerned with providing support for different languages, character encodings, locales, and user interface translations, among other aspects. |
There was a problem hiding this comment.
Once again I don't think you need to define i18n in your answer.
| If there is no evidence as to how this vulnerability was found, then please | ||
| explain where you looked. | ||
| automated: False | ||
| developer: True |
There was a problem hiding this comment.
I believe you need to put the developers name instead of true here
| automated: False | ||
| developer: True | ||
| discussion: | ||
| note: I was not able to find any disagreements |
There was a problem hiding this comment.
You marked discussion and security as true though?
| comment you want to make. | ||
| any_discussion: True | ||
| discussed_as_security: True | ||
| stacktrace: |
There was a problem hiding this comment.
I think you just forgot this one. Even if you didn't find a stacktrace you should still put false down
| stacktrace_with_fix: | ||
| description: | ||
| unit_tested: | ||
| fix: |
There was a problem hiding this comment.
Since you found a unit test was it good was it bad? Do you know who made it? Was it made before or after the cause of the vulnerability but before the fix? You don't have to answer all my questions exactly but I think they'd be good to think about.
| Write a note about how you came to the conclusions you did, regardless of | ||
| what your answer was. | ||
| autodiscoverable: | ||
| note: An empty dataset would trigger this vulnerability |
There was a problem hiding this comment.
Would a automated tool be able to interpret the result it gets from this?
| Taken from NVD references list with Git commit. If you are | ||
|
|
||
| curating, please fact-check that this commit fixes the vulnerability and replace this comment with 'Manually confirmed' | ||
| - note: Manually confirmed |
There was a problem hiding this comment.
I would recommend leaving a short note describing what this commit does, just a few words for the reader to know how it fixes the vulnerability.
| @@ -361,8 +357,8 @@ interesting_commits: | |||
| * Other commits that fixed a similar issue as this vulnerability | |||
There was a problem hiding this comment.
I'd recommend adding a commit or two in the interesting commits section or at least mentioning why there weren't any (they were trivial, there weren't any at all, etc.)
There was a problem hiding this comment.
Overall, I agree with most of what the other commenters have added here. The only place I'd disagree is that I like how you break down some concepts, as these notes are meant for someone with less programming experience than us. I'd make sure you add the description of the vulnerability as I don't actually know what it is. I know it deals with communication and drivers but that's about it. I'd recommend re-forking as the format of this file is different from the main repository and you're missing some key points.
There was a problem hiding this comment.
Overall, I agree with most of what the other commenters have added here. I'd make sure you add the description of the vulnerability as I don't actually know what it is. I'd recommend re-forking as the format of this file is different from the main repository and you're missing some key points. The answers seem to be before the questions and out of order.
| complex_inputs: | ||
| note: | ||
| applies: | ||
| applies: True |
There was a problem hiding this comment.
Make sure to mention why this applies.
Same with distrust input.
| discussion: | ||
| note: | ||
| note: https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.10 |
There was a problem hiding this comment.
A link is good, but I'd recommend also adding a short description.
No description provided.