CVE-2024-43513: Question about affected version range and zero-width characters in JSON #106

@qAq221102

Hi CVEProject team,

I’m currently building a tool that, given a Windows OS build version, identifies applicable CVEs.
While parsing CVE-2024-43513.json, I noticed two issues and would like to confirm whether they are
expected or specific to this record.

The screenshot below shows the file downloaded directly from this repository and opened in VS Code:

[Screenshot: CVE-2024-43513.json opened in VS Code]

  1. Possible affected-range inconsistency
    As far as I know, Windows 10 22H2 uses OS builds 10.0.19045.x. In this record, the CPE entry has:
    {
    "versionStartIncluding": "10.0.19045.0",
    "versionEndExcluding": "10.0.19041.5000"
    }
    Since 19045 > 19041, the interval would be empty. I also cross-checked NVD data, which suggests
    the end boundary may belong to a different build branch. Could you please confirm the intended range?

  2. Zero-width characters
    When parsing versionEndExcluding in Python, the conversion failed due to embedded zero-width
    characters (e.g., U+200B). In VS Code, a regular-expression search for \u200B
    reveals these characters in the value.

Provenance

Questions

  • Is the affected range above correct, or should the end boundary be a 19045.x value?
  • If zero-width characters are unintended, could they be removed from the record or filtered in the publishing pipeline?
  • If this should instead be reported via the CVE Program request form or to a specific CNA, I would appreciate your guidance.

Thank you very much for maintaining this repository and for your help.
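
Added example, not part of the original issue or of the CVEProject repository's code: a Python check for the two problems reported above, flagging invisible format/control characters in the version bounds and detecting an empty interval. The sample object is constructed from the two values quoted in the issue; the position of the U+200B inside the end boundary is an assumption.

```python
import unicodedata

# Constructed sample: the two boundary values quoted in the issue, with a
# U+200B placed inside the end boundary (its exact position is an assumption).
SAMPLE_MATCH = {
    "versionStartIncluding": "10.0.19045.0",
    "versionEndExcluding": "10.0.19041.\u200b5000",
}

BOUND_KEYS = ("versionStartIncluding", "versionStartExcluding",
              "versionEndIncluding", "versionEndExcluding")


def hidden_chars(value):
    """Return (index, 'U+XXXX') for every format/control character (Cf, Cc)."""
    return [(i, f"U+{ord(c):04X}") for i, c in enumerate(value)
            if unicodedata.category(c) in ("Cf", "Cc")]


def parse_version(value):
    """Strip invisible characters, then parse a dotted numeric version."""
    cleaned = "".join(c for c in value
                      if unicodedata.category(c) not in ("Cf", "Cc"))
    return tuple(int(part) for part in cleaned.strip().split("."))


def check_range(match):
    """Report hidden characters and ranges that can match no version."""
    findings = []
    for key in BOUND_KEYS:
        if key in match:
            for idx, cp in hidden_chars(match[key]):
                findings.append(f"{key}: {cp} at index {idx}")
    lo_inc = match.get("versionStartIncluding")
    lo_exc = match.get("versionStartExcluding")
    hi_inc = match.get("versionEndIncluding")
    hi_exc = match.get("versionEndExcluding")
    lo = parse_version(lo_inc or lo_exc) if (lo_inc or lo_exc) else None
    hi = parse_version(hi_inc or hi_exc) if (hi_inc or hi_exc) else None
    if lo is not None and hi is not None:
        both_inclusive = lo_inc is not None and hi_inc is not None
        if lo > hi or (lo == hi and not both_inclusive):
            findings.append(f"empty range: start {lo} vs end {hi}")
    return findings


if __name__ == "__main__":
    for finding in check_range(SAMPLE_MATCH):
        print(finding)
```

Running the check over every range object before loading a record into a matching tool surfaces both conditions as data-quality findings instead of a parse exception or a silently empty match.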
