We can build up a list of known vulnerable C/C++ libraries by collecting the git and svn URLs from the references of those CVEs whose descriptions mention .c/.cpp source files (low precision). We can then augment this list by looking for similar URLs in the NVD CPE feeds.
We need a PoC to experiment with better identification of C/C++ libraries with vulnerabilities.
With a local vuln-list repo, I am getting good hits from inside the NVD directory.
https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz
To improve precision, we may have to add more repos and CVEs to our data set manually.