
False positive: CVE-2014-9939 unexpected scan result

Open JwishPark opened this issue 3 years ago • 2 comments

Description

I scanned my CentOS-based image with Trivy and found a vulnerability, CVE-2014-9939, in binutils. However, according to the description, the problem exists before version 2.26, and the installed version in my image is 2.27. So I want to know why it was reported as a vulnerability.

What did you expect to happen?

[email protected]_9.1.x86_64 is not vulnerable to CVE-2014-9939

What happened instead?

CVE-2014-9939 reported on [email protected]_9.1.x86_64

Output of run

[screenshot]

Output of trivy -v

[screenshot]

JwishPark avatar Nov 03 '22 13:11 JwishPark

Hello @JwishPark Thanks for your report!

Trivy uses the Red Hat database for RHEL/CentOS. (More information about Data Sources here.)

For RHEL 7, CVE-2014-9939 has the status "affected" (https://access.redhat.com/security/cve/cve-2014-9939). That is why Trivy found this CVE.

Best Regards, Dmitriy

DmitriyLewen avatar Nov 07 '22 06:11 DmitriyLewen
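The reply above makes a point that trips up many scan triages: for RHEL/CentOS packages the detection is driven by the vendor's per-product status for the package, not by comparing the installed version against the "fixed in" version from the upstream CVE description. The script below is an added illustration of that logic; it is not Trivy's code and not something posted in the issue. The Red Hat JSON record is a constructed sample shaped like the Security Data API's CVE document (field names `package_state`, `product_name`, `fix_state`, `package_name` are the API's; the values are illustrative, not fetched). The installed package string, its release suffix, and the rule "report unless the vendor says Not affected" are assumptions made for the example; the exact state mapping Trivy applies is not shown on this page.

```python
"""Vendor-status vs upstream-version reasoning for a distro package CVE.

Added example, not Trivy's code.  Shows why a CVE can be reported on a
package whose version is newer than the upstream fix version: the vendor
(here Red Hat) still lists the package as Affected for that product.
"""
import json
from typing import Optional, Tuple

# Constructed sample shaped like Red Hat's Security Data API CVE record
# (https://access.redhat.com/hydra/rest/securitydata/cve/<CVE>.json).
# Field names follow the API; the values are illustrative, not a live fetch.
SAMPLE_RH_CVE_JSON = json.dumps({
    "name": "CVE-2014-9939",
    "package_state": [
        {"product_name": "Red Hat Enterprise Linux 7",
         "fix_state": "Affected",
         "package_name": "binutils"},
        {"product_name": "Red Hat Enterprise Linux 8",
         "fix_state": "Not affected",
         "package_name": "binutils"},
    ],
})

# Constructed installed package in the name@version-release.arch form Trivy
# prints for RPMs.  The release part is an assumption, not the one in the issue.
INSTALLED_PKG = "binutils@2.27-44.base.el7_9.1.x86_64"
UPSTREAM_FIXED_IN = "2.26"  # version the CVE description names as fixed upstream


def parse_trivy_pkg(pkg: str) -> Tuple[str, str, str]:
    """Split 'name@version-release.arch' into (name, version, release_arch)."""
    name, _, version_release = pkg.partition("@")
    version, _, release = version_release.partition("-")
    return name, version, release


def version_tuple(version: str) -> Tuple[int, ...]:
    """Naive numeric key; enough for upstream x.y strings such as '2.27'."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())


def upstream_says_fixed(installed_version: str, fixed_in: str) -> bool:
    """The reasoning used in the issue: installed >= upstream fix version."""
    return version_tuple(installed_version) >= version_tuple(fixed_in)


def vendor_fix_state(cve_json: str, product: str, package: str) -> Optional[str]:
    """Vendor's statement for (product, package), or None if it is not listed."""
    for entry in json.loads(cve_json).get("package_state", []):
        if entry.get("product_name") == product and entry.get("package_name") == package:
            return entry.get("fix_state")
    return None


def should_report(cve_json: str, product: str, pkg: str, upstream_fixed_in: str) -> dict:
    """Decide as a vendor-data-driven scanner would: the vendor's fix_state is
    authoritative for this product, and the upstream version check is only
    computed here to show that it disagrees.  Assumption for the example:
    any listed state other than 'Not affected' is reported."""
    name, version, _ = parse_trivy_pkg(pkg)
    state = vendor_fix_state(cve_json, product, name)
    upstream_ok = upstream_says_fixed(version, upstream_fixed_in)
    reported = state is not None and state != "Not affected"
    if reported:
        reason = f"{product} lists {name} as '{state}'; upstream version compare not used"
    elif state is None:
        reason = f"{product} does not list {name} for this CVE"
    else:
        reason = f"{product} lists {name} as '{state}'"
    return {
        "package": name,
        "installed_version": version,
        "vendor_state": state,
        "upstream_says_fixed": upstream_ok,
        "reported": reported,
        "reason": reason,
    }


if __name__ == "__main__":
    for product in ("Red Hat Enterprise Linux 7", "Red Hat Enterprise Linux 8"):
        print(should_report(SAMPLE_RH_CVE_JSON, product, INSTALLED_PKG, UPSTREAM_FIXED_IN))
```

The RHEL 7 case comes out as reported even though `upstream_says_fixed` is true, which is exactly the situation in the issue: a backport-based distribution's version numbers say nothing about whether the vendor has applied a given fix, so the check to make during triage is the vendor's CVE page for the product, not the upstream version. If, after reading that page, you decide to accept the finding for a given image, Trivy's `.trivyignore` file (one CVE ID per line) is the supported way to suppress it rather than disputing the version.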

This issue is stale because it has been labeled with inactivity.

github-actions[bot] avatar Jan 07 '23 00:01 github-actions[bot]