From a9b004b2f697e580a1ac6ecb0cc1ddab87832c5c Mon Sep 17 00:00:00 2001 From: Dana Robinson <43805+derobins@users.noreply.github.com> Date: Fri, 1 Sep 2023 15:50:42 -0700 Subject: [PATCH] Prettify the CVE matrix (#3488) * Use emoji green check / red x to better indicate pass/fail * Update the note about CVE-2021-45832 --- CVE_list_1_14.md | 126 +++++++++++++++++++++++------------------------ 1 file changed, 63 insertions(+), 63 deletions(-) diff --git a/CVE_list_1_14.md b/CVE_list_1_14.md index 3de7f740991..aab87efb2d6 100644 --- a/CVE_list_1_14.md +++ b/CVE_list_1_14.md @@ -3,72 +3,72 @@ | [CVE-2022-26061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26061) | UNTESTED | UNTESTED | UNTESTED | UNTESTED | | [CVE-2022-25972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25972) | UNTESTED | UNTESTED | UNTESTED | UNTESTED | | [CVE-2022-25942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25942) | UNTESTED | UNTESTED | UNTESTED | UNTESTED | -| [CVE-2021-46244](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46244) | | | | | -| [CVE-2021-46243](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46243) | | | | | -| [CVE-2021-46242](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46242) | | | | | -| [CVE-2021-45833](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45833) | | | | | +| [CVE-2021-46244](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46244) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2021-46243](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46243) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2021-46242](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46242) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2021-45833](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45833) | ✅ | ✅ | ✅ | ✅ | | [CVE-2021-45832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45832) | UNTESTED | UNTESTED | UNTESTED | UNTESTED | -| [CVE-2021-45830](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45830) | | | | | -| [CVE-2021-45829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45829) | | | | | -| [CVE-2021-37501](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37501) | FAILED | | | | -| [CVE-2021-36977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36977) | | | | | +| [CVE-2021-45830](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45830) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2021-45829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45829) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2021-37501](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37501) | ❌ | ✅ | ✅ | ✅ | +| [CVE-2021-36977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36977) | ✅ | ✅ | ✅ | ✅ | | [CVE-2021-31009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31009) | N/A | N/A | N/A | N/A | -| [CVE-2020-10812](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10812) | | | | | -| [CVE-2020-10811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10811) | | | | | -| [CVE-2020-10810](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10810) | | | | | -| [CVE-2020-10809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10809) | | | | | -| [CVE-2019-9152](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9152) | | | | | -| [CVE-2019-9151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9151) | | | | | -| [CVE-2019-8398](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8398) | | | | | -| [CVE-2019-8397](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8397) | | | | | -| [CVE-2019-8396](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8396) | | | | | -| [CVE-2018-17439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17439) | | | | | -| [CVE-2018-17438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17438) | | | | | -| [CVE-2018-17437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17437) | | | | | -| [CVE-2018-17436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17436) | | | | | -| [CVE-2018-17435](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17435) | | | | | -| [CVE-2018-17434](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17434) | | | | | -| [CVE-2018-17433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17433) | | | | | -| [CVE-2018-17432](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17432) | | | | | -| [CVE-2018-17237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17237) | | | | | -| [CVE-2018-17234](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17234) | | | | | -| [CVE-2018-17233](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17233) | | | | | -| [CVE-2018-16438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16438) | | | | | -| [CVE-2018-15672](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15672) | | | | | -| [CVE-2018-15671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15671) | FAILED | FAILED | FAILED | | -| [CVE-2018-14460](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14460) | | | | | -| [CVE-2018-14035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14035) | | | | | -| [CVE-2018-14034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14034) | | | | | -| [CVE-2018-14033](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14033) | | | | | -| [CVE-2018-14031](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14031) | | | | | -| [CVE-2018-13876](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13876) | | | | | -| [CVE-2018-13875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13875) | | | | | -| [CVE-2018-13874](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13874) | | | | | -| [CVE-2018-13873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13873) | | | | | -| [CVE-2018-13872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13872) | | | | | -| [CVE-2018-13871](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13871) | FAILED | | | | -| [CVE-2018-13870](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13870) | | | | | -| [CVE-2018-13869](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13869) | | | | | -| [CVE-2018-13868](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13868) | | | | | -| [CVE-2018-13867](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13867) | FAILED | FAILED | | | -| [CVE-2018-13866](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13866) | FAILED | | | | -| [CVE-2018-11207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11207) | | | | | -| [CVE-2018-11206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11206) | | | | | -| [CVE-2018-11205](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11205) | FAILED | | | | -| [CVE-2018-11204](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11204) | | | | | -| [CVE-2018-11203](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11203) | | | | | -| [CVE-2018-11202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11202) | FAILED | FAILED | | | -| [CVE-2017-17509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17509) | | | | | -| [CVE-2017-17508](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17508) | | | | | -| [CVE-2017-17507](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17507) | FAILED | FAILED | | | -| [CVE-2017-17506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17506) | | | | | -| [CVE-2017-17505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17505) | | | | | -| [CVE-2016-4333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333) | | | | | -| [CVE-2016-4332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332) | FAILED | FAILED | FAILED | | -| [CVE-2016-4331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331) | | | | | -| [CVE-2016-4330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330) | | | | | +| [CVE-2020-10812](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10812) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2020-10811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10811) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2020-10810](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10810) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2020-10809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10809) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2019-9152](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9152) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2019-9151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9151) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2019-8398](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8398) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2019-8397](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8397) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2019-8396](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8396) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-17439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17439) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-17438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17438) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-17437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17437) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-17436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17436) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-17435](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17435) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-17434](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17434) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-17433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17433) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-17432](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17432) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-17237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17237) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-17234](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17234) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-17233](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17233) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-16438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16438) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-15672](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15672) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-15671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15671) | ❌ | ❌ | ❌ | ✅ | +| [CVE-2018-14460](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14460) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-14035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14035) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-14034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14034) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-14033](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14033) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-14031](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14031) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-13876](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13876) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-13875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13875) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-13874](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13874) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-13873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13873) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-13872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13872) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-13871](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13871) | ❌ | ✅ | ✅ | ✅ | +| [CVE-2018-13870](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13870) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-13869](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13869) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-13868](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13868) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-13867](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13867) | ❌ | ❌ | ✅ | ✅ | +| [CVE-2018-13866](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13866) | ❌ | ✅ | ✅ | ✅ | +| [CVE-2018-11207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11207) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-11206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11206) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-11205](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11205) | ❌ | ✅ | ✅ | ✅ | +| [CVE-2018-11204](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11204) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-11203](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11203) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2018-11202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11202) | ❌ | ❌ | ✅ | ✅ | +| [CVE-2017-17509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17509) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2017-17508](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17508) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2017-17507](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17507) | ❌ | ❌ | ✅ | ✅ | +| [CVE-2017-17506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17506) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2017-17505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17505) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2016-4333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4333) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2016-4332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4332) | ❌ | ❌ | ❌ | ✅ | +| [CVE-2016-4331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4331) | ✅ | ✅ | ✅ | ✅ | +| [CVE-2016-4330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4330) | ✅ | ✅ | ✅ | ✅ | ## NOTES -* CVE-2021-45832 has no known proof of vulnerability file. We will attempt to create our own. +* CVE-2021-45832 has no known proof of vulnerability file. The H5E code that could produce an infinite loop has been reworked, but without a vulnerable file or test program it's difficult to tell if this issue has been fixed. The stack trace provided with the CVE only contains part of the trace, so we don't even know the entry point into the library. * CVE-2021-31009 is not a specific vulnerability against HDF5. * CVE-2022-25942, CVE-2022-25972, and CVE-2022-26061 are not tested. Those vulnerabilities involve the high-level GIF tools and can be avoided by disabling those tools at build time.