RedHatProductSecurity / cvss

CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
GNU Lesser General Public License v3.0

Wrong result in CVSS4 cause of round result #58

Closed Xsze closed 1 month ago

Xsze commented 1 month ago

Hello, I've found a bug with your CVSS4 results due to how Python handles rounding the result.

Example with CVSS:4.0/AV:P/AC:H/AT:P/PR:L/UI:P/VC:N/VI:L/VA:H/SC:N/SI:L/SA:N/E:U/CR:H/IR:H/AR:H/MAV:L/MAC:H/MAT:P/MPR:L/MUI:P/MVC:L/MVI:L/MVA:L/MSC:L/MSI:L/MSA:S/S:N/AU:N/R:U/V:D/RE:L/U:Clear

In this example the final score before rounding = 0.95

skontar commented 1 month ago

Hi. Just wanted to let you know that we are aware of possible slight rounding differences due to incomplete rounding requirements. We have a plan to use equivalent rounding mechanisms in both implementation and updating specification, possibly in a similar fashion as in CVSS v3.1.

Xsze commented 1 month ago

Hello, thanks for the feedback.

It will be a good thing, because right now the Python script seems to use an AwayFromZero midpoint function, the online one a basic ToEven midpoint rounding, and FIRST's online calculator doesn't even use a function to round the result and lets JavaScript decide how to handle the output (seems like a ToZero midpoint based on my tests).

All of this without speaking of the errors introduced by the float variables, which influence the result in some cases.
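The three midpoint modes named in this thread, and the float representation issue, as an added example that is not part of the thread and is not code from the cvss library. The mapping of the thread's mode names onto `decimal` rounding constants is this example's assumption (valid for non-negative scores), and 0.85 is a constructed second input chosen because it separates AwayFromZero from ToEven.

```python
from decimal import Decimal, ROUND_HALF_UP, ROUND_HALF_EVEN, ROUND_HALF_DOWN

# Assumed mapping of the thread's names onto decimal's midpoint modes.
# For non-negative values: HALF_UP == away from zero, HALF_DOWN == toward zero.
MODES = {
    "AwayFromZero": ROUND_HALF_UP,
    "ToEven": ROUND_HALF_EVEN,
    "ToZero": ROUND_HALF_DOWN,
}


def round_score(score, mode):
    """Round a score to one decimal place with the named midpoint mode.

    A str is parsed as an exact decimal. A float is converted with its
    exact binary value, so any representation error is preserved.
    """
    return Decimal(score).quantize(Decimal("0.1"), rounding=MODES[mode])


def compare(score):
    """Return the one-decimal result of every mode for the same input."""
    return {name: str(round_score(score, name)) for name in MODES}


def float_is_below(text):
    """True when the float parsed from `text` is smaller than the decimal
    value written in `text`, i.e. it no longer sits on the midpoint."""
    return Decimal(float(text)) < Decimal(text)


if __name__ == "__main__":
    # Exact decimals: the mode decides the outcome at the midpoint.
    for sample in ("0.95", "0.85"):
        print(sample, compare(sample))

    # Binary float: 0.95 is stored slightly below the midpoint, so every
    # mode rounds down and the choice of mode no longer matters.
    print("float 0.95 stored as", Decimal(0.95))
    print("float 0.95", compare(0.95))
```

An exact 0.95 yields 1.0 under two of the modes and 0.9 under the third, while the same value held as a binary float yields 0.9 under all of them, which is why implementations that differ only in rounding mode or number type can publish different scores for one vector.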