VYPR

CWE-193

Off-by-one Error

BaseDraft

Description

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (91)

page 1 of 5
  • CVE-2003-0466CriAug 27, 2003
    risk 0.73cvss 9.8epss 0.78

    Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow,…

  • CVE-2002-0083CriMar 15, 2002
    risk 0.68cvss 9.8epss 0.15

    Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

  • CVE-2001-0609CriAug 2, 2001
    risk 0.68cvss 9.8epss 0.18

    Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.

  • CVE-2002-1816CriDec 31, 2002
    risk 0.67cvss 9.8epss 0.09

    Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.

  • CVE-2004-0005CriMar 3, 2004
    risk 0.65cvss 9.8epss 0.11

    Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer…

  • CVE-2003-0252CriAug 18, 2003
    risk 0.65cvss 9.8epss 0.16

    Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.

  • CVE-2026-48689CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.01

    FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr,…

  • CVE-2003-0356CriJun 9, 2003
    risk 0.64cvss 9.8epss 0.10

    Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and…

  • CVE-2001-1496CriDec 31, 2001
    risk 0.64cvss 9.8epss 0.05

    Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2006-10003CriMar 19, 2026
    risk 0.57cvss 9.8epss 0.01

    XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls…

  • CVE-2016-10160CriJan 24, 2017
    risk 0.57cvss 9.8epss 0.07

    Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.

  • CVE-2010-1773HigSep 24, 2010
    risk 0.57cvss 8.8epss 0.02

    Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application…

  • CVE-2026-54410HigJun 14, 2026
    risk 0.56cvss 8.6epss 0.01

    nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header() function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-controlled byte past the end of the 260-byte receive buffer by sending a crafted MBAP…

  • CVE-2002-0653HigJul 11, 2002
    risk 0.54cvss 7.8epss 0.01

    Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.

  • CVE-2003-0625HigAug 27, 2003
    risk 0.52cvss 7.5epss 0.07

    Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response.

  • CVE-2024-46852HigSep 27, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix off-by-one in CMA heap fault handler Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps: Don't track CMA dma-buf pages under RssFile") it was possible to obtain a mapping…

  • CVE-2018-14682HigJul 28, 2018
    risk 0.51cvss 8.8epss 0.04

    An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

  • CVE-2017-9720HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur.

  • CVE-2004-0346HigNov 23, 2004
    risk 0.51cvss 7.8epss 0.06

    Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.

  • CVE-2002-0844HigAug 12, 2002
    risk 0.51cvss 7.8epss 0.01

    Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.