sjvermeu / cvechecker

Command-line utility to scan the system and report on potential vulnerabilities, based on public CVE data
GNU General Public License v3.0

Error pulling CVEs in MySQL mode (Segmentation fault) #57

Open Arraiz opened 3 years ago

Arraiz commented 3 years ago

I managed to configure cvechecker using sqlite, but when I tried to configure it using mysql as a backend the CVE pulling crashes.

```
Converting nvdcve-1.1-2002.json to CSV... ok
Loading in nvdcve-1.1-2002.csv in cvechecker.
Loading CVE data from /usr/local/var/cvechecker/cache/nvdcve-1.1-2002.csv into database
Segmentation fault
*** Could not import nvdcve-1.1-2002.csv
```

The configuration in the /usr/local/etc/cvechecker.conf is:

```
# Generic settings
#

#dbtype = "sqlite";
dbtype="mysql";
cvecache = "/usr/local/var/cvechecker/cache";
datadir = "/usr/local/share/cvechecker";
stringcmd = "/usr/bin/strings -n 3 '@file@'";
version_url = "https://raw.github.com/sjvermeu/cvechecker/master/versions.dat";
#iuserkey = "servertag";

#
# For Sqlite3
#
sqlite3: {
  localdb = "/usr/local/var/cvechecker/local";
  globaldb = "/usr/local/var/cvechecker/global.db";
};

#
# For MySQL
#
mysql: {
  dbname = "cvechecker";
  dbuser = "cvechecker";
  dbpass = "cvecheckpass";
  dbhost = "127.0.0.1";
};
```

I already used the mysql mysql_cvechecker.sql file in /data (the folder usr/share/cvechecker/ is missing).

Those are my machines:

```
Description:    Raspbian GNU/Linux 10 (buster)
Release:    10
Codename:   buster

Description:    Ubuntu 18.04.5 LTS
Release:    18.04
Codename:   bionic
```

melua commented 1 year ago

I have the same issue with both Alpine 3.18 and Fedora Server 38 with a distant mysql (mariadb) database.

```
$ cvechecker -c /var/cvechecker/cache/nvdcve-1.1-2004.csv
Loading CVE data from /var/cvechecker/cache/nvdcve-1.1-2004.csv into database
Segmentation fault
```

Also tested with a CSV as simple as:

```
CVE-2003-0001,5,,,
CVE-2003-0001,5,,,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*,
CVE-2003-0001,5,,cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*,
```

Works like a charm with sqlite.