As of January 1, 2014, MITRE implemented a change in the CVE ID syntax / format. Prior to that, IDs consisted of a year prefix and a four digit identifier. As vulnerability disclosures increased, there was a need for more than 10,000 IDs in a single year. After the change, an ID consisted of a year and a variable number, as many as seven digits in practice, but in theory could be more. The syntax now consists of:
CVE prefix + Year + Arbitrary Digits
In advance of this change, MITRE added several reserved sample CVE IDs explicitly for the purpose of stress-testing organizations that implemented CVE. The idea was to trigger errors in their implementations that would alert organizations that did not see the news of the syntax change. The following IDs were created for that purpose:
RBS adapted to the CVE ID change at the time and is compatible with CVE IDs of any format in the VulnDB product.
We are here to help! If you still have questions, you can submit a ticket from within the knowledge base or by emailing firstname.lastname@example.org.