
False Negative CVE-2007-4559 #940

Closed
spiffcs opened this issue Sep 29, 2022 · 4 comments
Labels
bug Something isn't working false-negative

Comments

@spiffcs
Contributor

spiffcs commented Sep 29, 2022

What happened:
Scanning python:slim with grype does not surface CVE-2007-4559.

What you expected to happen:
CVE-2007-4559 should be surfaced for all python versions at the moment

How to reproduce it (as minimally and precisely as possible):
grype python:slim

CVE-2007-4559 does not appear in the results

Anything else we need to know?:
Small context here

Environment:

  • Output of grype version: 0.50.2
  • OS (e.g: cat /etc/os-release or similar): darwin/amd64
@captn3m0

Unless Python is planning to fix this, reporting this en masse will cause needless false positives.

@westonsteimel
Contributor

We are working on a labelling effort to help with understanding changes in grype matching quality, and this serves as a good candidate for the case where we don't catch things because we don't know about the binaries at all, since they aren't installed by a package manager. We created this specifically so we don't forget to capture those cases.
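The comment above separates two reasons a scanner can miss a CVE: the package was never cataloged (the binary was not installed by a package manager, so nothing exists to match against), versus the package was cataloged but no vulnerability record matched. The script below is an added example for triaging such a report and is not code from the grype or syft projects. It assumes the JSON layouts those tools emit (a top-level "artifacts" list in a syft SBOM, a top-level "matches" list with vulnerability.id and artifact.name in a grype report); the sample documents inside it are constructed, not real scanner output, and the CVE and package names are the ones from this issue.

```python
"""Triage a suspected scanner false negative by combining a syft SBOM with a
grype report.  Added example; not code from the grype/syft projects.

Assumed (not taken from the issue): field names follow the JSON syft and grype
emit, i.e. syft's "artifacts" list (name/version/type) and grype's "matches"
list (vulnerability.id, artifact.name/version/type).  All sample documents
below are constructed for illustration.
"""
import json

# Constructed SBOM resembling the issue: only a distro package was cataloged,
# the python interpreter binary was not seen at all.
SBOM_NO_PYTHON_JSON = json.dumps({
    "artifacts": [
        {"name": "libc6", "version": "2.31-13", "type": "deb"},
    ]
})

# Constructed SBOM where the interpreter was cataloged as a "binary" artifact
# (i.e. found on disk rather than via apt/dpkg).
SBOM_WITH_PYTHON_JSON = json.dumps({
    "artifacts": [
        {"name": "libc6", "version": "2.31-13", "type": "deb"},
        {"name": "python", "version": "3.10.7", "type": "binary"},
    ]
})

# Constructed grype reports: one where CVE-2007-4559 is absent, one where it matched.
GRYPE_NO_MATCH_JSON = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-2021-3999", "severity": "High"},
         "artifact": {"name": "libc6", "version": "2.31-13", "type": "deb"}},
    ]
})
GRYPE_MATCH_JSON = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-2007-4559", "severity": "Medium"},
         "artifact": {"name": "python", "version": "3.10.7", "type": "binary"}},
    ]
})


def cataloged_packages(sbom_json: str, name: str) -> list:
    """Return every SBOM artifact whose name matches (case-insensitive)."""
    sbom = json.loads(sbom_json)
    return [a for a in sbom.get("artifacts", [])
            if a.get("name", "").lower() == name.lower()]


def matches_for_cve(report_json: str, cve_id: str) -> list:
    """Return grype matches whose vulnerability id equals cve_id."""
    report = json.loads(report_json)
    return [m for m in report.get("matches", [])
            if m.get("vulnerability", {}).get("id", "").upper() == cve_id.upper()]


def triage(sbom_json: str, report_json: str, cve_id: str, package: str) -> str:
    """Classify why an expected CVE is, or is not, in the report.

    'matched'            -> the CVE is reported against the package.
    'not-cataloged'      -> the SBOM has no entry for the package, so no matching
                            could have happened (binaries outside a package manager).
    'cataloged-no-match' -> the package is in the SBOM but the CVE did not match;
                            look at the vulnerability DB and version constraints.
    """
    hits = [m for m in matches_for_cve(report_json, cve_id)
            if m.get("artifact", {}).get("name", "").lower() == package.lower()]
    if hits:
        return "matched"
    if not cataloged_packages(sbom_json, package):
        return "not-cataloged"
    return "cataloged-no-match"


if __name__ == "__main__":
    for label, sbom, report in [
        ("no python in SBOM", SBOM_NO_PYTHON_JSON, GRYPE_NO_MATCH_JSON),
        ("python cataloged, no match", SBOM_WITH_PYTHON_JSON, GRYPE_NO_MATCH_JSON),
        ("python cataloged, matched", SBOM_WITH_PYTHON_JSON, GRYPE_MATCH_JSON),
    ]:
        print(f"{label}: {triage(sbom, report, 'CVE-2007-4559', 'python')}")
```

In practice the two inputs come from `syft <image> -o json` and `grype <image> -o json`; the "not-cataloged" outcome is the one this issue describes, and it is fixed on the cataloging side (syft) rather than by adding matching rules to grype.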

@captn3m0

See anchore/syft#1197 for detection problems on binaries installed outside of package manager (includes python:slim).

@spiffcs spiffcs added this to OSS Oct 13, 2022
@spiffcs spiffcs moved this to Parking Lot (Comments or Progress) in OSS Oct 13, 2022
@tgerla tgerla removed the status in OSS May 4, 2023
@tgerla
Contributor

tgerla commented May 18, 2023

The latest version of grype successfully identifies this CVE so I'll go ahead and close this issue.

@tgerla tgerla closed this as not planned May 18, 2023
@github-project-automation github-project-automation bot moved this to Done in OSS May 18, 2023