vulnerablecode
vulnerablecode copied to clipboard
Extract interesting data from CVE and other vulnerabilities body
We should extract interesting data from CVE and other vulnerabilities body. This is based on this research https://rp.os3.nl/2020-2021/p06/report.pdf and https://rp.os3.nl/2020-2021/p06/presentation.pdf by Bart van Dongen and @armijnhemel See also for related projects https://rp.os3.nl/2020-2021/index.html
For instance in https://nvd.nist.gov/vuln/detail/CVE-2020-0002 we have a description choke full of unstructured data, with clues of file name, function name and various Android version and Android IDs:
Description
In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711
Here for instance we could extract a cross reference between the Android ID and the actual advisory which is in https://source.android.com/security/bulletin/2020-01-01
See also:
- #317
- #251
- #340 (also list a file name)