_MEM BFCVE Challenge
Irena Bojanova, Inventor, Creator, PI, Bugs Framework (BF)
Let’s start creating a labeled dataset of memory-related software security vulnerability specifications using BF’s memory bugs formalism (taxonomy and LL(1) formal grammar).
There are 60 426 memory-related CVEs (as of August 2023). To start with, we query the CVE for entries with CWEs assigned by NVD, where the CWEs also map by operation to BF Memory Corruption and Disclosure classes. We then order them by their severity scores according to the Common Vulnerability Scoring System (CVSS) and select a maximum of ten CVEs per operation, thus reducing the count to the most severe CVEs per _MEM BF operation.
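The selection described above, sketched in Python as an added example (not the BF project's own code). The CWE-to-operation pairs and the CVE rows are copied from the table on this page; the function name, the tie-break by CVE ID and the `CVE-0000-0000` placeholder record are assumptions.

```python
from collections import defaultdict

# CWE -> [(BF class, BF operation)], restricted to pairs visible in this page's table.
# One CWE can map to several operations: CVE-2022-28350 is listed under both
# Dereference and Read.
CWE2BF = {
    "CWE-415": [("MMN", "Deallocate")],
    "CWE-416": [("MUS", "Dereference"), ("MUS", "Read")],
    "CWE-476": [("MUS", "Dereference")],
    "CWE-562": [("MAD", "Reassign")],
    "CWE-401": [("MAD", "Reassign")],
    "CWE-771": [("MAD", "Reassign")],
}

# Constructed input standing in for an NVD query result. IDs, scores and CWEs
# are taken from the table, except the last record, which is a placeholder
# whose CWE has no memory mapping.
NVD_RECORDS = [
    {"id": "CVE-2022-28350", "cvss": 10.0, "cwe": "CWE-416"},
    {"id": "CVE-2021-1946", "cvss": 10.0, "cwe": "CWE-476"},
    {"id": "CVE-2022-22086", "cvss": 10.0, "cwe": "CWE-415"},
    {"id": "CVE-2022-41837", "cvss": 9.8, "cwe": "CWE-562"},
    {"id": "CVE-2021-34792", "cvss": 8.6, "cwe": "CWE-401"},
    {"id": "CVE-2021-34720", "cvss": 8.6, "cwe": "CWE-771"},
    {"id": "CVE-0000-0000", "cvss": 9.8, "cwe": "CWE-79"},  # placeholder
]


def select_per_operation(records, cwe2bf, limit=10):
    """Keep the `limit` highest-CVSS CVEs for each (BF class, BF operation)."""
    by_op = defaultdict(list)
    for rec in records:
        # Records whose CWE has no BF memory mapping are dropped here.
        for bf_class, operation in cwe2bf.get(rec["cwe"], []):
            by_op[(bf_class, operation)].append(rec)
    selected = {}
    for key, recs in sorted(by_op.items()):
        # Highest score first; equal scores are ordered by CVE ID (assumption)
        # so the output is deterministic.
        ranked = sorted(recs, key=lambda r: (-r["cvss"], r["id"]))
        selected[key] = [r["id"] for r in ranked[:limit]]
    return selected


if __name__ == "__main__":
    for (bf_class, operation), ids in select_per_operation(NVD_RECORDS, CWE2BF, limit=2).items():
        print(bf_class, operation, ids)
```
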
First set of steps:
- Explore the 91 CVEs listed below. Each one has a memory-related underlying weakness identified via our CWE2BF mappings and the NVD CWE to CVE assignments.
- Identify a CVE for which you can find the Bug Report, the Code with Bug, and the Code with Fix (locate the specific GitHub repository with the Diffs). See how these are listed for the examples in BFCVE on the left.
Second set of steps:
- Get to know the BF Memory Bugs Model.
- Get to know the taxonomies of the BF Memory Corruption/Disclosure Classes.
- Get to know the BF Tool.
- Collaborate on creating a BF specification of your CVE.
Important Note:
Use the “NVD CWE” and “BF Chain(s) Identifiable from NVD CWE” columns only as possibly useful guidance. In some cases, a listed CWE may have been wrongly assigned by NVD, so please notify us if you encounter such a case. In some cases, the listed chains may be wrong or not the only ones possible, as the CWE information (from which they are retrieved) may be wrong or limited.
Third set of steps:
- Open in a text editor the .bfcve file where you saved the BF CVE description using the BF Tool.
- Copy the entire content of the .bfcve file. This is your BF CVE specification in XML format.
- Submit the copied .bfcve content and the links to the Bug Report, the Code with Bug, and the Code with Fix here:
_MEM CVEs | CVSS | BF Class | BF Operation | NVD CWE | BF Chain(s) Identifiable from NVD CWE |
CVE-2022-1699 | 9.9 | MMN | Allocate | CWE-400 | |
CVE-2022-2259 | 9.8 | MMN | Allocate | | |
CVE-2022-16492 | 9.8 | MMN | Allocate | | |
CVE-2021-1275 | 9.8 | MMN | Allocate | | |
CVE-2018-19282 | 9.8 | MMN | Allocate | | |
CVE-2018-16491 | 9.8 | MMN | Allocate | | |
CVE-2018-16486 | 9.8 | MMN | Allocate | | |
CVE-2018-11936 | 9.8 | MMN | Allocate | | |
CVE-2017-9119 | 9.8 | MMN | Allocate | | |
CVE-2017-6713 | 9.8 | MMN | Allocate | CWE-770 | (Missing Code, Verify, Wrong Value) → → (Wrong Size, Allocate, Memory Overflow) |
CVE-2022-22150 | 8.8 | MUS | Clear | CWE-460 | (Missing Code/Erroneous Code, Deallocate, Memory Leak) |
CVE-2018-18924 | 8.8 | MUS | Clear | CWE-459 | (Erroneous Code, Clear, Not Cleared Object) |
CVE-2021-37089 | 7.8 | MUS | Clear | | |
CVE-2018-19961 | 7.8 | MUS | Clear | | |
CVE-2018-18281 | 7.8 | MUS | Clear | | |
CVE-2021-45706 | 7.5 | MUS | Clear | | |
CVE-2021-45330 | 7.5 | MUS | Clear | | |
CVE-2021-32928 | 7.5 | MUS | Clear | | |
CVE-2020-13451 | 7.5 | MUS | Clear | | |
CVE-2019-11514 | 7.5 | MUS | Clear | | |
CVE-2022-22086 | 10 | MMN | Deallocate | CWE-415 | (Erroneous Code, Deallocate, Double Free) |
CVE-2022-20127 | 10 | MMN | Deallocate | | |
CVE-2021-37120 | 10 | MMN | Deallocate | | |
CVE-2021-1910 | 10 | MMN | Deallocate | | |
CVE-2020-8432 | 10 | MMN | Deallocate | | |
CVE-2019-15504 | 10 | MMN | Deallocate | | |
CVE-2018-20961 | 10 | MMN | Deallocate | | |
CVE-2018-0101 | 10 | MMN | Deallocate | | |
CVE-2020-6016 | 10 | MMN | Deallocate | CWE-590 | (Mismatched Operation, Deallocate, Object Corruption) |
CVE-2020-0103 | 10 | MMN | Deallocate | CWE-763 | (Mismatched Operation, Deallocate, Object Corruption) |
CVE-2022-28350 | 10 | MUS | Dereference | CWE-416 | (Dangling Pointer, Read/Write/Dereference, Use After Free) |
CVE-2022-28349 | 10 | MUS | Dereference | | |
CVE-2022-28348 | 10 | MUS | Dereference | | |
CVE-2022-21806 | 10 | MUS | Dereference | | |
CVE-2021-37045 | 10 | MUS | Dereference | | |
CVE-2021-21941 | 10 | MUS | Dereference | | |
CVE-2021-21941 | 10 | MUS | Dereference | | |
CVE-2021-1976 | 10 | MUS | Dereference | | |
CVE-2020-9633 | 10 | MUS | Dereference | | |
CVE-2022-28350 | 10 | MUS | Read | | |
CVE-2022-28349 | 10 | MUS | Read | | |
CVE-2022-28348 | 10 | MUS | Read | | |
CVE-2022-21806 | 10 | MUS | Read | | |
CVE-2021-37045 | 10 | MUS | Read | | |
CVE-2021-1946 | 10 | MUS | Dereference | CWE-476 | (NULL Pointer, Dereference, NULL Pointer Dereference) |
CVE-2021-1829 | 10 | MUS | Dereference | CWE-843 | (Wrong Object Type Resolved, Coerce, Wrong Type) → → (Casted Pointer, Read/Write/Dereference, Type Confusion) |
CVE-2019-15900 | 10 | MUS | Initialize Object | CWE-908 | (Missing Code, Initialize Object, Uninitialized Object) → → (Uninitialized Object, . . . , . . . ) |
CVE-2019-14052 | 10 | MUS | Initialize Object | | |
CVE-2019-10541 | 10 | MUS | Initialize Object | | |
CVE-2021-1619 | 9.8 | MUS | Initialize Object | | |
CVE-2019-9805 | 9.8 | MUS | Initialize Object | | |
CVE-2019-7321 | 9.8 | MUS | Initialize Object | | |
CVE-2019-5067 | 9.8 | MUS | Initialize Object | | |
CVE-2019-12730 | 9.8 | MUS | Initialize Object | | |
CVE-2019-0006 | 9.8 | MUS | Initialize Object | | |
CVE-2017-13715 | 10 | MUS | Initialize Object | CWE-665 | (Missing Code/Erroneous Code, Initialize Object, Uninitialized Object) |
CVE-2021-28216 | 4.6 | MAD | Initialize Pointer | CWE-587 | (Hard Coded Address, Initialize/Reassign, Wild Pointer) |
CVE-2022-20238 | 10 | MUS | Read | CWE-119 | (Missing Code, Verify, Wrong Value) → → (Wrong Index, Reassign, Over Bounds Pointer/Under Bounds Pointer) → → (Over Bounds Pointer/Under Bounds Pointer, Read/Write, Buffer Overflow/Buffer Underflow/Buffer Over-Read/Buffer Under-Read) |
CVE-2021-40393 | 10 | MUS | Read | | |
CVE-2021-39708 | 10 | MUS | Read | | |
CVE-2021-27692 | 10 | MUS | Read | | |
CVE-2021-40050 | 10 | MUS | Read | CWE-125 | (Erroneous Code, Calculate, Wrong Result) → → (Wrong Index, Reposition, Over Bounds Pointer/Under Bounds Pointer) → → (Over Bounds Pointer/Under Bounds Pointer, Read, Buffer Over-Read/Buffer Under-Read) |
CVE-2022-41837 | 9.8 | MAD | Reassign | CWE-562 | (Erroneous Code, Reassign, Wild Pointer) |
CVE-2021-21798 | 8.8 | MAD | Reassign | | |
CVE-2021-34792 | 8.6 | MAD | Reassign | CWE-401 | (Single Owned Address, Reassign, Memory Leak) |
CVE-2021-34698 | 8.6 | MAD | Reassign | | |
CVE-2021-1387 | 8.6 | MAD | Reassign | | |
CVE-2021-1313 | 8.6 | MAD | Reassign | | |
CVE-2020-3572 | 8.6 | MAD | Reassign | | |
CVE-2020-3373 | 8.6 | MAD | Reassign | | |
CVE-2020-3203 | 8.6 | MAD | Reassign | | |
CVE-2021-34720 | 8.6 | MAD | Reassign | CWE-771 | (Single Owned Address, Reassign, Memory Leak) |
CVE-2020-6112 | 8.8 | MAD | Reposition | CWE-823 | |
CVE-2022-0685 | 8.4 | MAD | Reposition | | |
CVE-2022-0614 | 8.4 | MAD | Reposition | | |
CVE-2022-0554 | 8.4 | MAD | Reposition | | |
CVE-2022-0729 | 7.8 | MAD | Reposition | | |
CVE-2020-13573 | 7.5 | MAD | Reposition | | |
CVE-2016-2161 | 7.5 | MAD | Reposition | | |
CVE-2021-1352 | 7.4 | MAD | Reposition | | |
CVE-2021-3889 | 7.1 | MAD | Reposition | | |
CVE-2021-3319 | 7.5 | MAD | Reposition | CWE-588 | (Erroneous Code, Cast, Wrong Type) → → (Casted Pointer, Read/Write/Dereference, Type Confusion) |
CVE-2022-32032 | 10 | MUS | Write | CWE-787 | (Hard Coded Address, Initialize/Reassign, Wild Pointer) |
CVE-2022-30926 | 10 | MUS | Write | | |
CVE-2022-30925 | 10 | MUS | Write | | |
CVE-2022-30924 | 10 | MUS | Write | | |
CVE-2022-30923 | 10 | MUS | Write | | |
CVE-2022-30922 | 10 | MUS | Write | | |
CVE-2022-30921 | 10 | MUS | Write | | |
CVE-2022-30920 | 10 | MUS | Write | | |
CVE-2022-32454 | 10 | MUS | Write | CWE-121 | (Over Bounds Pointer/Under Bounds Pointer, Write, Buffer Overflow/Buffer Underflow) |
CVE-2022-31209 | 10 | MUS | Write | CWE-120 | (Missing Code, Verify, Wrong Value) → → (Wrong Size, Allocate, Not Enough Memory Allocated) → → (Not Enough Memory Allocated, Write, Buffer Overflow) |