CVE syntax is changing

14 December 2013

CVE syntax is changing on January 1, 2014. Be prepared, modify and test your code. This modification is not a big deal, the last 4 fixed digits became arbitrary digits with a minimum of 4 and without a maximum.

"The new syntax for CVE Identifiers (CVE-IDs), which was determined in a recent vote by the CVE Editorial Board, will take effect on January 1, 2014. This announcement is being made now so that users will have enough time to change their processes and software to handle the new ID syntax."

"The CVE Editorial Board determined that the new syntax was needed so that CVE can track more than 10,000 vulnerabilities in a single year. The CVE-ID syntax used since the inception of CVE in 1999, CVE-YYYY-NNNN, only supports a maximum of 9,999 unique identifiers per year so a change was necessary."

For us, not a big deal, only one change in our code. Testing are done. Great !

A simple example of a PHP Regex syntax (with a limitation of 100 digits witch is a lots) :

<?php
$subject = "CVE-2014-10000000";
if (preg_match_all("|CVE-[0-9]{4}-[0-9]{4,100}|i", $subject, $matches)) {
   var_dump($matches);
}

The Security-Database Team

Source : CVE-ID Syntax Changing on January 1, 2014

Documentations	1 August 2016 : Working on Common Vulnerability Scoring System v3 integration 28 June 2016 : CPE Deprecated Dictionary integration 14 March 2016 : And Prev? What does that mean? 6 July 2015 : CVSS v3 and Updates 18 June 2014 : Customize your monitored Products by adding an Environmental CVSS vector
Update	28 July 2014 : Code improvement and security, from good to great! 17 February 2014 : 58.000+ Nessus files integration and vDNA API update 20 January 2014 : vDNA update and Snort Rules integration 18 December 2013 : vDNA Crosslinks as Christmas gift 14 December 2013 : CVE syntax is changing

CVE syntax is changing

Related Articles

Follow us

Like us !

Most Read

Advertising

License

Categories

COMPANY

STANDARDS

RECENT POSTS

MENU