GVM 20.08: update_cve_xml: Failed to parse element

Just finished building gvm source 20.08 on Centos8. The build process seems to have gone well, but I am seeing this in my gvmd.log over and over and over again.

Sadly, the log isn’t very helpful. I appreciate any help to isolate the issue here. (for example, is there a debugging option for gvmd…???)

Here is the repeating log segment. I am guessing this will impact the ability of scans to generate proper reports…

md manage: INFO:2020-08-27 15h22.03 utc:1685: Updating /opt/gvm/var/lib/gvm/scap-data/nvdcve-2.0-2002.xml
md manage: INFO:2020-08-27 15h22.08 utc:1685: Updating /opt/gvm/var/lib/gvm/scap-data/nvdcve-2.0-2003.xml
md manage: INFO:2020-08-27 15h22.09 utc:1685: Updating /opt/gvm/var/lib/gvm/scap-data/nvdcve-2.0-2004.xml
md manage: INFO:2020-08-27 15h22.12 utc:1685: Updating /opt/gvm/var/lib/gvm/scap-data/nvdcve-2.0-2005.xml
md manage:WARNING:2020-08-27 15h22.13 utc:1685: update_cve_xml: Failed to parse element
md manage:WARNING:2020-08-27 15h22.22 utc:2242: update_scap: No SCAP db present, rebuilding SCAP db from scratch
md manage: INFO:2020-08-27 15h22.22 utc:2242: update_scap: Updating data from feed
md manage: INFO:2020-08-27 15h22.22 utc:2242: Updating CPEs
md manage: INFO:2020-08-27 15h23.25 utc:2242: Updating /opt/gvm/var/lib/gvm/scap-data/nvdcve-2.0-2002.xml
md manage: INFO:2020-08-27 15h23.29 utc:2242: Updating /opt/gvm/var/lib/gvm/scap-data/nvdcve-2.0-2003.xml
md manage: INFO:2020-08-27 15h23.31 utc:2242: Updating /opt/gvm/var/lib/gvm/scap-data/nvdcve-2.0-2004.xml
md manage: INFO:2020-08-27 15h23.34 utc:2242: Updating /opt/gvm/var/lib/gvm/scap-data/nvdcve-2.0-2005.xml
md manage:WARNING:2020-08-27 15h23.34 utc:2242: update_cve_xml: Failed to parse element
md manage:WARNING:2020-08-27 15h23.40 utc:2802: update_scap: No SCAP db present, rebuilding SCAP db from scratch
md manage: INFO:2020-08-27 15h23.40 utc:2802: update_scap: Updating data from feed
md manage: INFO:2020-08-27 15h23.40 utc:2802: Updating CPEs

I figured out the debug logging. But, I’m not seeing any other error other than the one posted above. Hmmm.

md manage: DEBUG:2020-08-27 16h57.48 utc:19234: sql: INSERT INTO scap2.cves (uuid, name, creation_time, modification_time, cvss, description, vector, complexity, authentication, confidentiality_impact, integrity_impact, availability_impact, products) VALUES (‘CVE-2004-1886’, ‘CVE-2004-1886’, 1080018000, 1211342400, NULL, ‘** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-1848. Reason: This candidate is a duplicate of CVE-2004-1848. Notes: All CVE users should reference CVE-2004-1848 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.’, ‘’, ‘’, ‘’, ‘’, ‘’, ‘’, ‘’) ON CONFLICT (uuid) DO UPDATE SET name = EXCLUDED.name, creation_time = EXCLUDED.creation_time, modification_time = EXCLUDED.modification_time, cvss = EXCLUDED.cvss, description = EXCLUDED.description, vector = EXCLUDED.vector, complexity = EXCLUDED.complexity, authentication = EXCLUDED.authentication, confidentiality_impact = EXCLUDED.confidentiality_impact, integrity_impact = EXCLUDED.integrity_impact, availability_impact = EXCLUDED.availability_impact, products = EXCLUDED.products RETURNING scap2.cves.id;
md manage: DEBUG:2020-08-27 16h57.48 utc:19234: sql_x end (INSERT INTO scap2.cves (uuid, name, creation_time, modification_time, cvss, description, vector, complexity, authentication, confidentiality_impact, integrity_impact, availability_impact, products) VALUES (’%s’, ‘%s’, %i, %i, %s, ‘%s’, ‘%s’, ‘%s’, ‘%s’, ‘%s’, ‘%s’, ‘%s’, ‘%s’) ON CONFLICT (uuid) DO UPDATE SET name = EXCLUDED.name, creation_time = EXCLUDED.creation_time, modification_time = EXCLUDED.modification_time, cvss = EXCLUDED.cvss, description = EXCLUDED.description, vector = EXCLUDED.vector, complexity = EXCLUDED.complexity, authentication = EXCLUDED.authentication, confidentiality_impact = EXCLUDED.confidentiality_impact, integrity_impact = EXCLUDED.integrity_impact, availability_impact = EXCLUDED.availability_impact, products = EXCLUDED.products RETURNING scap2.cves.id;)
md manage: DEBUG:2020-08-27 16h57.48 utc:19234: sql: COMMIT;
md manage: INFO:2020-08-27 16h57.48 utc:19234: Updating /opt/gvm/var/lib/gvm/scap-data/nvdcve-2.0-2005.xml
md manage:WARNING:2020-08-27 16h57.48 utc:19234: update_cve_xml: Failed to parse element
md manage: DEBUG:2020-08-27 16h57.58 utc:19213: sql: BEGIN;
md manage: DEBUG:2020-08-27 16h57.58 utc:19213: sql: SELECT value FROM public.meta WHERE name = ‘update_nvti_cache’;
md manage: DEBUG:2020-08-27 16h57.58 utc:19213: sql_x end (SELECT value FROM %s.meta WHERE name = ‘update_nvti_cache’:wink:
md manage: DEBUG:2020-08-27 16h57.58 utc:19213: sql: COMMIT;

I’m also running into this. It keeps continually attempting to download SCAP data. /usr/local/var/lib/gvm exists, and contains the data:

openvas:/usr/local/var/lib/gvm$ du -sh scap-data/
942M    scap-data/

log repeatedly reports:

    md manage:WARNING:2020-09-09 21h02.14 utc:2010: update_scap: No SCAP db present, rebuilding SCAP db from scratch
    md manage:   INFO:2020-09-09 21h02.15 utc:2010: update_scap: Updating data from feed
    md manage:   INFO:2020-09-09 21h02.15 utc:2010: Updating CPEs

and a huge SQL statement (more than 4k lines long) ending in (starting from a random point in the statement):

...8.5.1', 'Cisco Unified MeetingPlace 8.5.1', 1352850893, 1352850893, 'FINAL', NULL, '184845'), ('cpe:/a:cisco:unified_meetingplace:8.5.2', 'cpe:/a:cisco:unified_meetingplace:8.5.2', 'Cisco Unified MeetingPlace 8.5.2', 1352850893, 1352850893, 'FINAL', NULL, '184846'), ('cpe:/a:cisco:unified_meetingplace:8.5.3', 'cpe:/a:cisco:unified_meetingplace:8.5.3', 'Cisco Unified MeetingPlace 8.5.3', 1352850893, 1352850893, 'FINAL', NULL, '184847'), ('cpe:/a:cisco:unified_meetingplace:8.5.4', 'cpe:/a:cisco:unified_meetingplace:8.5.4', 'Cisco Unified MeetingPlace 8.5.4', 1352850893, 1352850893, 'FINAL', NULL, '184848') ON CONFLICT (uuid) DO UPDATE SET name = EXCLUDED.name,     title = EXCLUDED.title,     creation_time = EXCLUDED.creation_time,     modification_time = EXCLUDED.modification_time,     status = EXCLUDED.status,     deprecated_by_id = EXCLUDED.deprecated_by_id,     nvd_id = EXCLUDED.nvd_id

followed by:

md manage:WARNING:2020-09-09 21h04.40 utc:2010: sqlv: sql_exec_internal failed

I don’t know if the query failure is related to the SCAP data thing.

I experienced the very same issue. It was caused by an invalid XML file - the last one in list (most probably a download issue). Try checking whether the XML is valid, e.g. xmllint --noout /opt/gvm/var/lib/gvm/scap-data/nvdcve-2.0-2005.xml
I just deleted the invalid XML file, restarted synchronization (greenbone-scapdata-sync) and restarted the gvmd.service.

1 Like