Same Vulnerability having multiple CVEs?


Vaibhav Gupta

Jan 27, 2014, 2:30:27 AM
to null-...@googlegroups.com
Hi folks,

Why does the same vulnerability have multiple CVEs? An example set is shown below:

CVE-2013-0991      WebKit Unspecified Memory Corruption
CVE-2013-0992      WebKit Unspecified Memory Corruption
CVE-2013-0993      WebKit Unspecified Memory Corruption 
CVE-2013-0994      WebKit Unspecified Memory Corruption

Any pointer would be appreciated.

Rajesh A.

Jan 27, 2014, 2:42:36 AM
to null-...@googlegroups.com
Have seen something like this: the name of the vulnerability will be the same, but the hitting points and variables are different. You may also check Apache issues...


--
_______________________________________________________________________________
nullcon goa V - spread love... not malware...
12-15th Feb 2014
_______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

chaithu rk

Jan 27, 2014, 2:44:15 AM
to null-...@googlegroups.com
You can note the "Unspecified" thingy... The vulnerable components are different for the bugs.






--
ant4g0nist@v0id:~#

Anil Aphale

Jan 27, 2014, 3:15:23 AM
to null-...@googlegroups.com
If you are collecting this information from http://cve.mitre.org/ then this happens.

As per the process of CVE assignment, when a vendor receives a report for a vulnerability, they confirm that vulnerability and reserve a CVE for it by sending initial information to cve.mitre.org. Since even the vendor is currently in the process of identifying the root cause of the vulnerability (functions causing the error), they mention it as an unspecified vulnerability and a CVE ID is assigned to it.

When the vendor finishes the complete investigation and the patch is released, the vendor again provides the appropriate details of the vulnerability to cve.mitre.org, and then they update their database with the information.

All this is done to prevent other users from knowing the root cause before it is patched.