_MEM BFCVE Challenge
Irena Bojanova, PI & Lead, NIST Bugs Framework (BF), 2014 – ~~~~

Let’s start creating a labeled dataset of memory-related software security vulnerability specifications using BF’s memory bugs formalism (taxonomy and LL(1) formal grammar).

There are 60 426 memory-related CVEs (as of August 2023). To start with, we query CVE for entries with CWEs assigned by NVD, where the CWEs also map by operation to the BF Memory Corruption and Disclosure classes. We then order them by severity score according to the Common Vulnerability Scoring System (CVSS) and select a maximum of ten CVEs per operation, thus reducing the count to the most severe CVEs per _MEM BF operation.
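The selection just described, sketched as an added example (not the BF project's own code). The CWE-to-operation mapping is an assumed excerpt read off the table below, the CVE records are constructed placeholders, and the tie-break on CVE id is an assumption the page does not specify.

```python
from collections import defaultdict

# Assumed excerpt of a CWE -> BF (class, operation) mapping, read off the table below.
# One CWE can map to several operations (CWE-416: Read/Write/Dereference).
CWE2BF = {
    "CWE-415": [("MMN", "Deallocate")],
    "CWE-416": [("MUS", "Read"), ("MUS", "Write"), ("MUS", "Dereference")],
    "CWE-770": [("MMN", "Allocate")],
    "CWE-787": [("MUS", "Write")],
}

# Constructed records (id, CVSS, NVD-assigned CWE or None); not real CVE data.
SAMPLE = [
    ("CVE-0000-0001", 9.8, "CWE-770"),
    ("CVE-0000-0002", 10.0, "CWE-416"),
    ("CVE-0000-0003", 7.5, "CWE-787"),
    ("CVE-0000-0004", 10.0, None),       # no CWE assigned by NVD: skipped
    ("CVE-0000-0005", 9.1, "CWE-79"),    # CWE not mapped to a _MEM operation: skipped
    ("CVE-0000-0006", 5.5, "CWE-415"),
] + [(f"CVE-0000-1{n:03d}", round(6.0 + n / 10, 1), "CWE-787") for n in range(12)]


def select_top(records, mapping=CWE2BF, limit=10):
    """Group CVEs by BF operation via their NVD CWE and keep the `limit` most severe."""
    by_op = defaultdict(list)
    for cve_id, cvss, cwe in records:
        # Unassigned or unmapped CWEs yield no operations, so the CVE drops out here.
        for bf_class, operation in mapping.get(cwe, []):
            by_op[(bf_class, operation)].append((cvss, cve_id))
    selected = {}
    for op, rows in by_op.items():
        # Highest CVSS first; ties broken by CVE id (assumption) for reproducible output.
        rows.sort(key=lambda r: (-r[0], r[1]))
        selected[op] = [(cve_id, cvss) for cvss, cve_id in rows[:limit]]
    return selected


if __name__ == "__main__":
    for (bf_class, operation), rows in sorted(select_top(SAMPLE).items()):
        print(bf_class, operation, rows)
```

Because a CWE can map to more than one operation, the same CVE can be selected under several operations, which is why some CVE ids in the table appear under both Dereference and Read.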

First set of steps:
  1. Explore the 91 CVEs listed below. Each one has a memory related underlying weakness identified via our CWE2BF mappings and the NVD CWE to CVE assignments.
  2. Identify a CVE for which you can find the Bug Report, the Code with Bug, and the Code with Fix (locate the specific GitHub repository with the Diffs). See how these are listed for the examples in BFCVE on the left.
Second set of steps:
  1. Get to know the BF Memory Bugs Model.
  2. Get to know the taxonomies of the BF Memory Corruption/Disclosure Classes.
  3. Get to know the BF Tool.
  4. Collaborate on creating a BF specification of your CVE.
    Important Note: Use the “NVD CWE” and “BF Chain(s) Identifiable from NVD CWE” columns only as possibly useful guidance. In some cases, a listed CWE may have been wrongly assigned by NVD, so please notify us if you encounter one. In some cases, the listed chains may be wrong or not the only ones possible, as the CWE information (from which they are retrieved) may be wrong or limited.
Third set of steps:
  1. In a text editor, open the .bfcve file where you saved the BF CVE description using the BF Tool.
  2. Copy the entire content of the .bfcve file. This is your BF CVE specification in XML format.
  3. Submit the copied .bfcve content and the links to the Bug Report, the Code with Bug, and the Code with Fix here:

Submit your BF CVE Specification

_MEM CVEs

| CVE | CVSS | BF Class | BF Operation | NVD CWE | BF Chain(s) Identifiable from NVD CWE |
|---|---|---|---|---|---|
| CVE-2022-1699 | 9.9 | MMN | Allocate | CWE-400 | • (Missing Code, Verify, Wrong Value) → (Wrong Size, Allocate, Memory Overflow) • (Single Owned Address, Reassign, Memory Leak) • (Missing Code, Deallocate, Memory Leak) |
| CVE-2022-2259 | 9.8 | MMN | Allocate | | |
| CVE-2022-16492 | 9.8 | MMN | Allocate | | |
| CVE-2021-1275 | 9.8 | MMN | Allocate | | |
| CVE-2018-19282 | 9.8 | MMN | Allocate | | |
| CVE-2018-16491 | 9.8 | MMN | Allocate | | |
| CVE-2018-16486 | 9.8 | MMN | Allocate | | |
| CVE-2018-11936 | 9.8 | MMN | Allocate | | |
| CVE-2017-9119 | 9.8 | MMN | Allocate | | |
| CVE-2017-6713 | 9.8 | MMN | Allocate | CWE-770 | (Missing Code, Verify, Wrong Value) → (Wrong Size, Allocate, Memory Overflow) |
| CVE-2022-22150 | 8.8 | MUS | Clear | CWE-460 | (Missing Code/Erroneous Code, Deallocate, Memory Leak) |
| CVE-2018-18924 | 8.8 | MUS | Clear | CWE-459 | (Erroneous Code, Clear, Not Cleared Object) |
| CVE-2021-37089 | 7.8 | MUS | Clear | | |
| CVE-2018-19961 | 7.8 | MUS | Clear | | |
| CVE-2018-18281 | 7.8 | MUS | Clear | | |
| CVE-2021-45706 | 7.5 | MUS | Clear | | |
| CVE-2021-45330 | 7.5 | MUS | Clear | | |
| CVE-2021-32928 | 7.5 | MUS | Clear | | |
| CVE-2020-13451 | 7.5 | MUS | Clear | | |
| CVE-2019-11514 | 7.5 | MUS | Clear | | |
| CVE-2022-22086 | 10 | MMN | Deallocate | CWE-415 | (Erroneous Code, Deallocate, Double Free) |
| CVE-2022-20127 | 10 | MMN | Deallocate | | |
| CVE-2021-37120 | 10 | MMN | Deallocate | | |
| CVE-2021-1910 | 10 | MMN | Deallocate | | |
| CVE-2020-8432 | 10 | MMN | Deallocate | | |
| CVE-2019-15504 | 10 | MMN | Deallocate | | |
| CVE-2018-20961 | 10 | MMN | Deallocate | | |
| CVE-2018-0101 | 10 | MMN | Deallocate | | |
| CVE-2020-6016 | 10 | MMN | Deallocate | CWE-590 | (Mismatched Operation, Deallocate, Object Corruption) |
| CVE-2020-0103 | 10 | MMN | Deallocate | CWE-763 | (Mismatched Operation, Deallocate, Object Corruption) |
| CVE-2022-28350 | 10 | MUS | Dereference | CWE-416 | (Dangling Pointer, Read/Write/Dereference, Use After Free) |
| CVE-2022-28349 | 10 | MUS | Dereference | | |
| CVE-2022-28348 | 10 | MUS | Dereference | | |
| CVE-2022-21806 | 10 | MUS | Dereference | | |
| CVE-2021-37045 | 10 | MUS | Dereference | | |
| CVE-2021-21941 | 10 | MUS | Dereference | | |
| CVE-2021-21941 | 10 | MUS | Dereference | | |
| CVE-2021-1976 | 10 | MUS | Dereference | | |
| CVE-2020-9633 | 10 | MUS | Dereference | | |
| CVE-2022-28350 | 10 | MUS | Read | | |
| CVE-2022-28349 | 10 | MUS | Read | | |
| CVE-2022-28348 | 10 | MUS | Read | | |
| CVE-2022-21806 | 10 | MUS | Read | | |
| CVE-2021-37045 | 10 | MUS | Read | | |
| CVE-2021-1946 | 10 | MUS | Dereference | CWE-476 | (NULL Pointer, Dereference, NULL Pointer Dereference) |
| CVE-2021-1829 | 10 | MUS | Dereference | CWE-843 | (Wrong Object Type Resolved, Coerce, Wrong Type) → (Casted Pointer, Read/Write/Dereference, Type Confusion) |
| CVE-2019-15900 | 10 | MUS | Initialize Object | CWE-908 | (Missing Code, Initialize Object, Uninitialized Object) → (Uninitialized Object, . . . , . . . ) |
| CVE-2019-14052 | 10 | MUS | Initialize Object | | |
| CVE-2019-10541 | 10 | MUS | Initialize Object | | |
| CVE-2021-1619 | 9.8 | MUS | Initialize Object | | |
| CVE-2019-9805 | 9.8 | MUS | Initialize Object | | |
| CVE-2019-7321 | 9.8 | MUS | Initialize Object | | |
| CVE-2019-5067 | 9.8 | MUS | Initialize Object | | |
| CVE-2019-12730 | 9.8 | MUS | Initialize Object | | |
| CVE-2019-0006 | 9.8 | MUS | Initialize Object | | |
| CVE-2017-13715 | 10 | MUS | Initialize Object | CWE-665 | (Missing Code/Erroneous Code, Initialize Object, Uninitialized Object) |
| CVE-2021-28216 | 4.6 | MAD | Initialize Pointer | CWE-587 | (Hard Coded Address, Initialize/Reassign, Wild Pointer) |
| CVE-2022-20238 | 10 | MUS | Read | CWE-119 | (Missing Code, Verify, Wrong Value) → (Wrong Index, Reassign, Over Bounds Pointer/Under Bounds Pointer) → (Over Bounds Pointer/Under Bounds Pointer, Read/Write, Buffer Overflow/Buffer Underflow/Buffer Over-Read/Buffer Under-Read) |
| CVE-2021-40393 | 10 | MUS | Read | | |
| CVE-2021-39708 | 10 | MUS | Read | | |
| CVE-2021-27692 | 10 | MUS | Read | | |
| CVE-2021-40050 | 10 | MUS | Read | CWE-125 | (Erroneous Code, Calculate, Wrong Result) → (Wrong Index, Reposition, Over Bounds Pointer/Under Bounds Pointer) → (Over Bounds Pointer/Under Bounds Pointer, Read, Buffer Over-Read/Buffer Under-Read) |
| CVE-2022-41837 | 9.8 | MAD | Reassign | CWE-562 | (Erroneous Code, Reassign, Wild Pointer) |
| CVE-2021-21798 | 8.8 | MAD | Reassign | | |
| CVE-2021-34792 | 8.6 | MAD | Reassign | CWE-401 | (Single Owned Address, Reassign, Memory Leak) |
| CVE-2021-34698 | 8.6 | MAD | Reassign | | |
| CVE-2021-1387 | 8.6 | MAD | Reassign | | |
| CVE-2021-1313 | 8.6 | MAD | Reassign | | |
| CVE-2020-3572 | 8.6 | MAD | Reassign | | |
| CVE-2020-3373 | 8.6 | MAD | Reassign | | |
| CVE-2020-3203 | 8.6 | MAD | Reassign | | |
| CVE-2021-34720 | 8.6 | MAD | Reassign | CWE-771 | (Single Owned Address, Reassign, Memory Leak) |
| CVE-2020-6112 | 8.8 | MAD | Reposition | CWE-823 | • (Missing Code, Verify, Wrong Value) → (Wrong Index, Reposition, Over Bounds Pointer) • (Erroneous Code, Calculate, Wrong Result) → (Wrong Index, Reposition, Over Bounds Pointer) |
| CVE-2022-0685 | 8.4 | MAD | Reposition | | |
| CVE-2022-0614 | 8.4 | MAD | Reposition | | |
| CVE-2022-0554 | 8.4 | MAD | Reposition | | |
| CVE-2022-0729 | 7.8 | MAD | Reposition | | |
| CVE-2020-13573 | 7.5 | MAD | Reposition | | |
| CVE-2016-2161 | 7.5 | MAD | Reposition | | |
| CVE-2021-1352 | 7.4 | MAD | Reposition | | |
| CVE-2021-3889 | 7.1 | MAD | Reposition | | |
| CVE-2021-3319 | 7.5 | MAD | Reposition | CWE-588 | (Erroneous Code, Cast, Wrong Type) → (Casted Pointer, Read/Write/Dereference, Type Confusion) |
| CVE-2022-32032 | 10 | MUS | Write | CWE-787 | (Hard Coded Address, Initialize/Reassign, Wild Pointer) |
| CVE-2022-30926 | 10 | MUS | Write | | |
| CVE-2022-30925 | 10 | MUS | Write | | |
| CVE-2022-30924 | 10 | MUS | Write | | |
| CVE-2022-30923 | 10 | MUS | Write | | |
| CVE-2022-30922 | 10 | MUS | Write | | |
| CVE-2022-30921 | 10 | MUS | Write | | |
| CVE-2022-30920 | 10 | MUS | Write | | |
| CVE-2022-32454 | 10 | MUS | Write | CWE-121 | (Over Bounds Pointer/Under Bounds Pointer, Write, Buffer Overflow/Buffer Underflow) |
| CVE-2022-31209 | 10 | MUS | Write | CWE-120 | (Missing Code, Verify, Wrong Value) → (Wrong Size, Allocate, Not Enough Memory Allocated) → (Not Enough Memory Allocated, Write, Buffer Overflow) |