Lot's of incorrect linkings from CWE to CVE #44

Open
shaileshmeivel opened this issue Aug 24, 2023 · 6 comments
@shaileshmeivel

I wanted to get the list of all the CVEs linked to a particular CWE, so I referred to the Linking Threat Tactics paper itself for a CWE and took CWE-787 as an example and queried it (in the paper it was mentioned that CWE-787 has a total of approximately 1150 CVEs linked to it).
[image]

I knew that I would be getting more CVEs linked to it because of the addition of new vulnerabilities for that particular weakness, but there were actually 132999 CVEs linked to CWE-787. So I randomly checked whether the following CVEs were linked to CWE-787 (for that I actually took the respective ids of the CVEs, googled them and checked with the NVD website). In the list of 132999, the first 1000 - 1500 were ALMOST all linked to CWE-787, but after that only 2/10 or something like that were linked to CWE-787, and after that they were linked to some other CWEs.

So I queried BRON as follows:
First I got the CWE _id for CWE-787
[image]
[image]

Then I used the _id to get all the CVEs linked to it
[image]
and this was the result
[image]
(There were too many duplicates here, so I filtered them by using return distinct v._to)

So I randomly took the below CVE _id
[image]
took the corresponding CVE number and googled it
[image]
So this particular one was linked with CWE-476
[image]

I even tried checking if CWE-476 and CWE-787 were linked together in the CweCwe collection, but unfortunately they were not.

So this is just an example for one particular CWE. I tried the above method on 8-9 CWEs and all of them produced the same results.

@shaileshmeivel shaileshmeivel changed the title Lot Lot's of incorrect linking from CWE to CVE Aug 24, 2023
@shaileshmeivel shaileshmeivel changed the title Lot's of incorrect linking from CWE to CVE Lot's of incorrect linkings from CWE to CVE Aug 24, 2023
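The check described in the post above, turned into a small script (an added example, not BRON's own code): dedupe the CWE->CVE edges for one CWE (the `RETURN DISTINCT v._to` step) and measure how many of the linked CVEs NVD actually assigns to that CWE. The edge-document shape, the `cwe_00787` / `cve_2023_0001` key convention and the NVD mappings are constructed placeholders, not BRON's real schema or real NVD data.

```python
# Added example: audit BRON-style CWE->CVE edges against NVD's CWE assignment.
# Document shapes and ids below are assumptions modelled on the issue text.
from collections import Counter

# Constructed sample: BRON-style edge documents (assumed _from/_to keys),
# including the duplicate edges the issue mentions.
CWE_CVE_EDGES = [
    {"_from": "cwe/cwe_00787", "_to": "cve/cve_2023_0001"},
    {"_from": "cwe/cwe_00787", "_to": "cve/cve_2023_0001"},  # duplicate
    {"_from": "cwe/cwe_00787", "_to": "cve/cve_2023_0002"},
    {"_from": "cwe/cwe_00787", "_to": "cve/cve_2023_0003"},
    {"_from": "cwe/cwe_00787", "_to": "cve/cve_2023_0003"},  # duplicate
    {"_from": "cwe/cwe_00787", "_to": "cve/cve_2023_0004"},
]

# Constructed sample: CVE -> set of CWE ids as NVD would publish them.
NVD_CWE_MAP = {
    "CVE-2023-0001": {"CWE-787"},
    "CVE-2023-0002": {"CWE-476"},
    "CVE-2023-0003": {"CWE-787", "CWE-119"},
    "CVE-2023-0004": {"CWE-20"},
}


def bron_key_to_cve(key):
    """'cve/cve_2023_0001' -> 'CVE-2023-0001' (assumed id convention)."""
    return key.split("/", 1)[1].upper().replace("_", "-")


def audit_cwe_cve_links(edges, nvd_map, cwe_key, cwe_name):
    """Dedupe the edges leaving cwe_key and compare them with NVD's CWE data."""
    raw = [e["_to"] for e in edges if e["_from"] == cwe_key]
    distinct = sorted(set(raw))  # equivalent of RETURN DISTINCT v._to
    agree = [k for k in distinct
             if cwe_name in nvd_map.get(bron_key_to_cve(k), set())]
    disagree = [k for k in distinct if k not in agree]
    # Which CWEs NVD assigns to the CVEs that BRON links to this CWE instead.
    other_cwes = Counter(c for k in disagree
                         for c in nvd_map.get(bron_key_to_cve(k), set()))
    return {
        "raw_edges": len(raw),
        "distinct_cves": len(distinct),
        "agree": agree,
        "disagree": disagree,
        "agreement_rate": len(agree) / len(distinct) if distinct else 0.0,
        "other_cwes": other_cwes,
    }


if __name__ == "__main__":
    print(audit_cwe_cve_links(CWE_CVE_EDGES, NVD_CWE_MAP,
                              "cwe/cwe_00787", "CWE-787"))
```

Against a real BRON export, feed the edge documents of the CweCve collection and the NVD CWE mappings in place of the constructed samples; a low agreement rate with a large `other_cwes` tail is the symptom the post describes.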
@jiangdie666

It should be the CVE data source version; you can download the latest CVE data package, integrate its associated CWEs, and update the data of cwecve.

@shaileshmeivel
Author

I actually tried all of these on the public version of BRON available at http://bron.alfa.csail.mit.edu:8529/. When I downloaded BRON I had some other issue (#41), which is why I used the public version.

@jiangdie666

I think you can look at the specific code in the parse_cve_file function in the file parse_cve.py within your local or Docker setup to see if there is a problem.

@hembergerik
Contributor

hembergerik commented Jul 4, 2024

We have tried to address this issue with the v4 release: https://github.com/ALFA-group/BRON/tree/v4

@shaileshmeivel
Author

Is the public version of BRON updated with v4?

@hembergerik
Contributor

Yes, it should be.
