Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Command Getting Killed While Updating CVE Database or Scanning with cve-bin-tool #4592

Open
pooja0805 opened this issue Nov 27, 2024 · 4 comments
Open

fix: Command Getting Killed While Updating CVE Database or Scanning with cve-bin-tool #4592

pooja0805 opened this issue Nov 27, 2024 · 4 comments
Labels
bug Something isn't working

Comments

@pooja0805
Copy link

Description

Hello Team,

I encountered an issue when attempting to update the CVE database or scan a file/directory using the cve-bin-tool. The process terminates with a "Killed" error, as shown in the output below:

[test@f961efb782bb ~]$ cve-bin-tool --disable-data-source EPSS -u now  
[03:45:39] INFO     cve_bin_tool - CVE Binary Tool v3.4                      cli.py:624  
           INFO     cve_bin_tool - This product uses the NVD API but is not  cli.py:625  
                    endorsed or certified by the NVD.  
           INFO     cve_bin_tool - For potentially faster NVD downloads,     cli.py:628  
                    mirrors are available using -n json-mirror  
           INFO     cve_bin_tool - Disabling data source EPSS                cli.py:771  
[03:45:49] WARNING  cve_bin_tool.CVEDB - Updating cachedir                 cvedb.py:652  
                    /home/test/.cache/cve-bin-tool  
[03:45:52] INFO     cve_bin_tool - Getting NVD CVE data...            nvd_source.py:389  
           INFO     cve_bin_tool - Getting GitLab Advisory Database    gad_source.py:86  
                    CVEs...  
           INFO     cve_bin_tool - Getting RedHat CVEs...           redhat_source.py:69  
           INFO     cve_bin_tool - Getting PURL2CPE data...       purl2cpe_source.py:36  
Downloading CVEs... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:07  
[03:49:15] INFO     cve_bin_tool - Adding 35170 RedHat CVE entries redhat_source.py:136  
[03:51:30] INFO     cve_bin_tool - Getting Open Source Vulnerability  osv_source.py:161  
                    Database CVEs...  
Killed

The command terminates unexpectedly after downloading and processing some of the CVE data.

To reproduce

Steps to reproduce the behaviour:
Run the following command to update the CVE database:

cve-bin-tool --disable-data-source EPSS -u now

Expected behaviour: The command should complete the update process or scan successfully without terminating unexpectedly.
Actual behaviour: The command terminates unexpectedly after downloading and processing some of the CVE data.

Version/platform info

Version of CVE-bin-tool( e.g. output of cve-bin-tool --version): 3.4
Installed from pypi or github? pypi
Operating system: Linux/x86-64, linux/ppc64le
Python version (e.g. python3 --version): Python 3.11
Running in any particular CI environment we should know about? NA

Anything else?

Is there a known solution for this issue? Could this be related to resource limitations or another underlying problem? Any guidance or suggestions would be appreciated.

Thank you!
@pooja0805 pooja0805 added the bug Something isn't working label Nov 27, 2024
@terriko
Copy link
Contributor

terriko commented Nov 27, 2024

"killed" usually means it's been done by your system (cve-bin-tool itself terminates differently), so you've probably exceeded some system limit.

Likely culprits:

  • timeout (this happens a lot in CI and cloud systems with limits imposed)
  • disk space full

Running -u now will take about 10-30 minutes (depending on network/disk speed) and will need more than 2.5G of disk space.

BTW, even once you get things sorted I think cve-bin-tool will fail in your command because there's no file to scan, but it should do so after updating the database.

@pooja0805
Copy link
Author

@terriko Thanks for your quick response. Let me check my system configurations and try out again.

This was referenced Jan 22, 2025
Open
Merged
@shivamv300
Copy link

hi @terriko
I'm also running into the same issue, even though I have 50+GB available disk space.
I tried running the scan in batches (by disabling some data sources: --disable-data-source NVD,OSV,PURL2CPE,REDHAT,RSD in the first pass), but the first pass itself has been running for more than 10 hours.
(My system has 4 cores, and 16 GB memory - out of which 14+ GB is free).

I did have an observation with this first pass scan:htop shows resource utilisation for one of the CPU cores close to 99% (while the other cores are free)

Image

@terriko
Copy link
Contributor

terriko commented Feb 6, 2025

We've been seeing some out of memory issues that are likely related: #4710

@shivamv300 Other people have reported that disabling OSV solves the problem, but I see you've already tried that. The other thing that works in some cases is upgrading to python 3.13 (which has other memory improvements). I'm hideously sick so I haven't been able to work on figuring out a root cause, so any info and analysis is very welcome!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@terriko @shivamv300 @pooja0805