x/vulndb: missing goos metadata for GO-2023-2170 #69707

Closed
Hacmon opened this issue Sep 30, 2024 · 2 comments
Labels:
- NeedsInvestigation: Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
- vulncheck or vulndb: Issues for the x/vuln or x/vulndb repo


Hacmon commented Sep 30, 2024

What is the URL of the page with the issue?

https://pkg.go.dev/vuln/GO-2023-2170
https://pkg.go.dev/vuln/GO-2023-2330

What is your user agent?

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Screenshot

No response

What did you do?

I retrieved and processed vulnerability data from https://pkg.go.dev/vuln/GO-2023-2170.

What did you see happen?

I've observed a discrepancy between the OSV Go data and NVD data for the vulnerability distribution in CVE-2023-3955.

What did you expect to see?

In the NVD data, the vulnerability is specific to Windows (running on Windows), but the GO OSV advisory does not include the expected "goos": ["windows"] flag.
This discrepancy leads to problems when matching the vulnerability with the appropriate distribution.

Same issue for https://pkg.go.dev/vuln/GO-2023-2330 - CVE-2023-3676

- Hacmon added the pkgsite label (Sep 30, 2024)
- seankhliao changed the title from "Missing data for GO-2023-2170" to "x/vulndb: missing goos metadata for GO-2023-2170" (Sep 30, 2024)
- gopherbot added the "vulncheck or vulndb" label (Sep 30, 2024)
- gopherbot modified the milestones: Unreleased, vuln/unplanned (Sep 30, 2024)
- seankhliao added the NeedsInvestigation label and removed the pkgsite label (Sep 30, 2024)

@ItayHacmon

@seankhliao Is there any update on this issue?
Meanwhile we need to add this data manually in our env.
Please advise
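
The matching problem raised in this issue, and the manual workaround mentioned in the comment above, as an added example that is not part of the thread or of the vulndb code: a consumer that reads `goos` from `affected[].ecosystem_specific.imports[]` treats a record without that field as applying to every platform. The sample records, the `Applies` helper and the `overlay` map (a local, manually maintained correction keyed by advisory ID) are constructed assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Entry is the subset of a Go OSV record needed for platform matching.
type Entry struct {
	ID       string `json:"id"`
	Affected []struct {
		EcosystemSpecific struct {
			Imports []struct {
				GOOS []string `json:"goos"`
			} `json:"imports"`
		} `json:"ecosystem_specific"`
	} `json:"affected"`
}

// Constructed sample records, not real vulndb entries.
const withGOOS = `{"id":"GO-0000-0001","affected":[{"ecosystem_specific":{"imports":[{"path":"example.com/mod/pkg","goos":["windows"]}]}}]}`
const withoutGOOS = `{"id":"GO-0000-0002","affected":[{"ecosystem_specific":{"imports":[{"path":"example.com/mod/pkg"}]}}]}`

// Applies reports whether the record matches targetOS, and whether a match is
// unrestricted (no goos list, so every platform matches). overlay is a
// hypothetical local map from advisory ID to goos values for such records.
func Applies(raw []byte, targetOS string, overlay map[string][]string) (match, unrestricted bool, err error) {
	var e Entry
	if err = json.Unmarshal(raw, &e); err != nil {
		return false, false, err
	}
	for _, a := range e.Affected {
		for _, imp := range a.EcosystemSpecific.Imports {
			goos := imp.GOOS
			if len(goos) == 0 {
				goos = overlay[e.ID] // local correction, if any
			}
			if len(goos) == 0 {
				match, unrestricted = true, true
			}
			for _, g := range goos {
				match = match || g == targetOS
			}
		}
	}
	return match, unrestricted, nil
}

func main() {
	fmt.Println(Applies([]byte(withoutGOOS), "linux", nil))
}
```

Flagging unrestricted matches separately lets a pipeline tell "applies everywhere" apart from "platform data absent" before a local overlay is applied.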

@zpavlinovic
Contributor

Sorry, this went under the radar. One reason for this is that this issue should be raised at the vulndb issue tracker. Please open the issue there and it will be looked at more promptly.

@zpavlinovic zpavlinovic self-assigned this Dec 11, 2024