cvechecker icon indicating copy to clipboard operation
cvechecker copied to clipboard

Published 20 hours ago verified publisher icon sjvermeu

Error pulling CVEs in MySQL mode (Segmentation fault)

Open Arraiz opened this issue 3 years ago • 1 comments

I managed to configurue cvechecker using sqlite, but when i tried to configure it using mysql as a backend the CVE pulling crashes.

Converting nvdcve-1.1-2002.json to CSV... ok Loading in nvdcve-1.1-2002.csv in cvechecker. Loading CVE data from /usr/local/var/cvechecker/cache/nvdcve-1.1-2002.csv into database Segmentation fault *** Could not import nvdcve-1.1-2002.csv

the configuration in the /usr/local/etc/cvechecker.conf is:

# Generic settings
#

#dbtype = "sqlite";
dbtype="mysql";
cvecache = "/usr/local/var/cvechecker/cache";
datadir = "/usr/local/share/cvechecker";
stringcmd = "/usr/bin/strings -n 3 '@file@'";
version_url = "https://raw.github.com/sjvermeu/cvechecker/master/versions.dat";
#iuserkey = "servertag";

#
# For Sqlite3
#
sqlite3: {
  localdb = "/usr/local/var/cvechecker/local";
  globaldb = "/usr/local/var/cvechecker/global.db";
};

#
# For MySQL
#
mysql: {
      dbname = "cvechecker";
      dbuser = "cvechecker";
      dbpass = "cvecheckpass";
      dbhost = "127.0.0.1";
    };

I already used the mysql mysql_cvechecker.sql file in /data (the folder usr/share/cvechecker/ is missing).

those are my machines:

Description:	Raspbian GNU/Linux 10 (buster)
Release:	10
Codename:	buster

Description:	Ubuntu 18.04.5 LTS
Release:	18.04
Codename:	bionic

Arraiz avatar May 20 '21 19:05 Arraiz

I have the same issue with both Alpine 3.18 and Fedora Server 38 with mysql (mariadb) distant database

$ cvechecker -c /var/cvechecker/cache/nvdcve-1.1-2004.csv
Loading CVE data from /var/cvechecker/cache/nvdcve-1.1-2004.csv into database
Segmentation fault

also tested with a CSV as simple as

CVE-2003-0001,5,,,
CVE-2003-0001,5,,,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*,

works like a charm with sqlite

melua avatar Nov 17 '23 11:11 melua