You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
More and More CVES are starting to contain hidden formatting characters and extra spaces that should likely be supported on CVE.org, or the schema should specify that the description is a unicode string.
In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n pf reset start\n │\n ▼\n ......\nsetup tc │\n │ ▼\n ▼ DOWN: napi_disable()\nnapi_disable()(skip) │\n │ │\n ▼ ▼\n ...... ......\n │ │\n ▼ │\nnapi_enable() │\n ▼\n UINIT: netif_napi_del()\n │\n ▼\n ......\n │\n ▼\n INIT: netif_napi_add()\n │\n ▼\n ...... global reset start\n │ │\n ▼ ▼\n UP: napi_enable()(skip) ......\n │ │\n ▼ ▼\n ...... napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it."
@ccoffin, should the schema not specify the description's length or type as a plain text string, or should \n, \t, and extra white spaces and emojis be allowed in descriptions?
I am unsure if these 50+ CVEs are skirting an unenforced requirement or if no one is displaying them correctly.
More and More CVES are starting to contain hidden formatting characters and extra spaces that should likely be supported on CVE.org, or the schema should specify that the description is a unicode string.
I will use CVE-2024-44995 as an example of this issue:
As submitted in the JSON File:
As Rendered in Text:
As Rendered on CVE.org:
Here is a CSV with CVEs that are causing the most issues matching against a string:
SpecialDescription.csv
The text was updated successfully, but these errors were encountered: