seteuid0's blog
Themed by Diary.
[zz]CVE-IDs have a new format


First CVE-IDs Issued in New Numbering Format Now Available

January 13, 2015 | Share this article

The first ever CVE-ID numbers issued in the new CVE-ID numbering format were posted on January 13, 2015 for vulnerabilities disclosed in 2014: CVE-2014-10001 with 5 digits andCVE-2014-100001 with 6 digits.

The format of CVE-ID numbers was changed a year ago this month in January 2014 so that the CVE project can track 10,000 or more vulnerabilities for a given calendar year. Previously, CVE-IDs were restricted to four digits at the end in the sequence number portion of the ID, for example “CVE-2014-0160”, but this four-digit restriction only allowed up to 9,999 vulnerabilities per year. With the new format, CVE-ID numbers may have 4, 5, 6, 7, or more digits in the sequence number if needed in a calendar year. For example, the just released “CVE-2014-10001” with 5 digits in the sequence number and “CVE-2014-100001” with 6 digits in the sequence number, or CVE-2014-XXXXXXX with 7 digits in the sequence number, and so on.

Additional CVE-IDs in the new format with 5 and 6 digits in the sequence number were also issued today—CVE-2014-10001 through CVE-2014-10039 with 5 digits, and CVE-2014-100001 through CVE-2014-100038 with 6 digits—to also identify vulnerabilities disclosed in 2014. Enter these CVE-ID numbers on the CVE List search page to learn more about each issue.

Please report any problems, or anticipated problems, that you encounter with CVE-IDs issued in the new format to