fix: Download CVE database failed (SHA mismatch) · Issue #5017 · intel/cve-bin-tool · GitHub

Closed
yvon-dblg opened this issue Apr 7, 2025 · 3 comments
Labels
bug Something isn't working

Comments

@yvon-dblg

Description

Failed to download/update the CVE database

To reproduce

$ cve-bin-tool --update now
[11:53:44] INFO     cve_bin_tool - CVE Binary Tool v3.4                                                                                                                             cli.py:624
           INFO     cve_bin_tool - This product uses the NVD API but is not endorsed or certified by the NVD.                                                                       cli.py:625
           INFO     cve_bin_tool - For potentially faster NVD downloads, mirrors are available using -n json-mirror                                                                 cli.py:628
[11:53:46] WARNING  cve_bin_tool.CVEDB - Updating cachedir /home/user/.cache/cve-bin-tool                                                                                         cvedb.py:652
[11:53:47] INFO     cve_bin_tool - Getting NVD CVE data...                                                                                                                   nvd_source.py:389
           INFO     cve_bin_tool - Getting GitLab Advisory Database CVEs...                                                                                                   gad_source.py:86
           INFO     cve_bin_tool - Getting RedHat CVEs...                                                                                                                  redhat_source.py:69
           INFO     cve_bin_tool - Getting PURL2CPE data...                                                                                                              purl2cpe_source.py:36
           ERROR    CVEDB - Unable to fetch EPSS, skipping EPSS.                                                                                                            epss_source.py:158
[11:53:56] ERROR    cve_bin_tool.CVEDB - SHAMismatch: https://mirror.cveb.in/nvd/json/cve/1.1/nvdcve-1.1-2025.json.gz (have:                                              error_handler.py:214
                    A60E8BD7A22A0B01C46736AE6EAD5285A93918EAB48300CCD25BF29CA9511A0F, want: F24FEE7D6D8FF7F142F9C36D2A16A10A271995C5D7C023AA007765166B8B5AC5)                                 
Downloading CVEs... ━━━━━━━━━━╺━━━━━━━━━━━━━━━━━━━━━━━━━━━━━  25% 0:00:05╭─────────────────────────────── Traceback (most recent call last) ────────────────────────────────╮
│ /home/user/.local/lib/python3.12/site-packages/cve_bin_tool/data_sources/nvd_source.py:552 in    │
│ cache_update                                                                                     │
│                                                                                                  │
│   549 │   │   │   # exit(100)                                                                    │
│   550 │   │   │   filepath.unlink()                                                              │
│   551 │   │   │   with ErrorHandler(mode=self.error_mode, logger=self.LOGGER):                   │
│ ❱ 552 │   │   │   │   raise SHAMismatch(f"{url} (have: {gotsha}, want: {sha})")                  │
│   553 │                                                                                          │
│   554 │   def load_nvd_year(self, year: int) -> dict[str, str | object]:                         │
│   555 │   │   """                                                                                │
╰──────────────────────────────────────────────────────────────────────────────────────────────────╯
SHAMismatch: https://mirror.cveb.in/nvd/json/cve/1.1/nvdcve-1.1-2025.json.gz (have: A60E8BD7A22A0B01C46736AE6EAD5285A93918EAB48300CCD25BF29CA9511A0F, want: 
F24FEE7D6D8FF7F142F9C36D2A16A10A271995C5D7C023AA007765166B8B5AC5)

Expected behaviour:
No error while updating the database

Actual behaviour:
SHAMismatch exception raised

Version/platform info

Version of CVE-bin-tool (e.g. output of cve-bin-tool --version): 3.4
Installed from pip: pip install cve-bin-tool

Operating system: Linux Ubuntu 24.04.2 LTS

  • Kernel 6.11.0-21-generic
  • Python version (e.g. python3 --version): Python 3.12.3
@yvon-dblg yvon-dblg added the bug Something isn't working label Apr 7, 2025
@ffontaine
Contributor

Issue reproduced here, a workaround is to set -n json-nvd. I don't understand yet why there is a mismatch in sha256 provided by https://mirror.cveb.in

@ffontaine
Contributor

There is no more SHA mismatch error today. I assume that there was a temporary issue with mirror.cveb.in.

@terriko
Contributor
terriko commented Apr 11, 2025

We haven't managed to root cause this; best guess is a bit of a race condition when the data was downloaded. As it seems to be resolved and the right person knows it happened and is looking at the backend scripts, I'm going to close this, but please let me know if anyone sees it happen again.

@terriko terriko closed this as completed Apr 11, 2025
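
The failure mode guessed at in the thread (the digest and the feed being read at slightly different moments) can be tolerated on the client side by re-reading the published digest on every retry and failing closed if it never matches. This is an added example, not cve-bin-tool's code: `fetch_verified`, `RacyMirror` and the two fetch callables are hypothetical, the feed contents are constructed, and hashing the decompressed JSON is an assumption.

```python
import gzip
import hashlib

class SHAMismatch(Exception):
    """Local stand-in for the error named in the traceback above."""

def sha256_of_gz(blob: bytes) -> str:
    # Assumption: the published digest covers the decompressed JSON.
    return hashlib.sha256(gzip.decompress(blob)).hexdigest().upper()

def fetch_verified(fetch_meta, fetch_data, attempts=3):
    """Return (feed bytes, attempt number) once the digest matches.

    fetch_meta() -> expected SHA-256 hex string; fetch_data() -> gzip bytes.
    Both are hypothetical callables standing in for the HTTP requests.
    The digest is re-read on each attempt so a feed regenerated between
    the two requests is never compared against a stale digest.
    """
    have = want = None
    for attempt in range(1, attempts + 1):
        want = fetch_meta().upper()
        blob = fetch_data()
        have = sha256_of_gz(blob)
        if have == want:
            return blob, attempt
    # Fail closed: unverified data is never returned to the caller.
    raise SHAMismatch(f"(have: {have}, want: {want})")

class RacyMirror:
    """Constructed mirror that swaps in a new feed right after the first digest read."""

    def __init__(self):
        self.old = gzip.compress(b'{"CVE_Items": []}')
        self.new = gzip.compress(b'{"CVE_Items": ["constructed"]}')
        self.current = self.old
        self.meta_reads = 0

    def meta(self) -> str:
        digest = sha256_of_gz(self.current)
        self.meta_reads += 1
        if self.meta_reads == 1:
            self.current = self.new  # feed regenerated after the digest was served
        return digest

    def data(self) -> bytes:
        return self.current
```

A digest served by the same host as the data detects corruption or a partial update, not tampering by that host.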