CVE version string fractional compare

clearlinux / cve-check-tool

Original Automated CVE Checking Tool

GNU General Public License v2.0

204 stars 78 forks source link

CVE version string fractional compare #47

Closed TudorCiochina closed 7 years ago

TudorCiochina commented 7 years ago

CVE version string fractional compare. False positives might get generated but this can be prevented by implementing blacklist mechanism which contain partial or full CPE, vendor and/or product and/or version. Curly added.

ikeydoherty commented 7 years ago

LGTM - thanks!

ikeydoherty commented 7 years ago

Found an example of NVD derp..

+ Configuration 1
* OR
* cpe:/a:gparted:gparted:14.1 and previous versions

gparted uses 0. prefixing..