fix: cannot download database after update to v3.4

[Mrkzw9]

Description

Cannot update the database, always remind the issue about network but I can update database when v3.3 at same environment.
Put the log as below.

Cve-bin-tool.txt

To reproduce

Steps to reproduce the behaviour:

1. scan using "cve-bin-tool /doc location";

Expected behaviour: cve-bin-tool update databae then start scanning
Actual behaviour: feedback results

Version/platform info

Version of CVE-bin-tool( e.g. output of cve-bin-tool --version): v3.4
Installed from pypi or github? ubuntu pip
Operating system: Ubuntu
Python version (e.g. python3 --version): 3.10
Running in any particular CI environment we should know about? (e.g. Github Actions) No

Anything else?

Hi Dear, I have checked the issues list but seems no one reported the same issue, so I am thinking whether it is the network issue but it can work normally before, I am lose...So it will be appreciate for any suggestion! Thank you in advance!

[terriko]

Looks like you're having trouble connecting to our mirror:

ClientConnectorError: Cannot connect to host mirror.cveb.in:443 ssl:default 

But you're also auto-skipping GAD and EPSS likely due to similar network issues. It just fails on NVD because it's required for cve-bin-tool to run.

I would guess that the problem is likely something in your network since I haven't seen anyone else reporting this. It reminds me of what happens when routing tables are messed up because that's something I used to see regularly in the early days of IPv6, but I don't think I can debug that for you. It's probably something you'll need to take up with your internet provider.

Some things to try:

1. try going to mirror.cveb.in in your web browser and see if that works at all. If that doesn't work, this is where you call your internet people and ask them why (1st level tech support is unlikely to understand cve-bin-tool but "I can't get to this website" should be a thing they can work on)
2. Wait a bit and try again -- routing issues of this type tend to get fixed by someone eventually
3. Try using a different data source for NVD. NVD is the only required source, so if you can get the data directly from them instead of the mirror that should still work. It'll likely be very slow, but that's better than nothing.
4. Try downloading from a different network connection to see what happens (e.g. go to the library, try it in a cloud vm like github actions). Be aware that we're downloading 2.5G of data so probably a bit rude to do it in a coffee shop during a busy time, but you could start the download to see if it works.

[terriko]

Coming back to add: we're also having trouble updating the cache today, so there may be something else going on.

[warthog9]

Best suggestion is: can you hit https://cveb.in/ and get to the website there? If you can't there's something weird going on there, because I'm not seeing anything obvious that's broken on the cveb.in side. I did reboot the system yesterday to deal with the rsync CVE that came out, but that's been the only change per-se in the past 48hours or so.

If you can't hit https://cveb.in then there's a routing issue going on there and traceroutes would be helpful but network wise I don't know of anything weird going on

[Mrkzw9]

Hi Terriko, Warthog,

Thanks for your reply.
I can connect to the mirror.cveb.in & https://cveb.in/, but still cannot update my database in tool.
Could you please share how could I change the data source for NVD?
This problem has confuse me since v3.4 released, I have try in company and home for different network connection but not works.
Btw, Is this will because of Chinese network limition? But I can connect to websites in browser.