VYPR

CWE-193

Off-by-one Error

BaseDraft

Description

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (91)

page 3 of 5
  • CVE-2001-1391MedApr 17, 2001
    risk 0.36cvss 5.5epss 0.00

    Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.

  • CVE-2026-8357MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula…

  • CVE-2017-1000416MedJan 22, 2018
    risk 0.35cvss 5.3epss 0.01

    axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050.

  • CVE-2026-45358MedJun 10, 2026
    risk 0.34cvss 5.3epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder. This issue has been patched in…

  • CVE-2025-30742MedMar 26, 2025
    risk 0.34cvss 5.3epss 0.00

    httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-of-bounds read because a certain 1024-character req string would not have a final '\0' character.

  • CVE-2026-40312MedApr 13, 2026
    risk 0.33cvss 6.2epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicous MSL file is read. This issue has been fixed in version 7.1.2-19.

  • CVE-2026-7572MedMay 6, 2026
    risk 0.29cvss 4.4epss 0.00

    An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx…

  • CVE-2026-23257MedMar 18, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip…

  • CVE-2026-23256MedMar 18, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip…

  • CVE-2026-42015MedMay 26, 2026
    risk 0.27cvss 5.3epss 0.01

    A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could…

  • CVE-2026-31988MedMar 11, 2026
    risk 0.27cvss 5.3epss 0.00

    yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length,…

  • CVE-2026-46559MedJun 10, 2026
    risk 0.26cvss 4.0epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been…

  • CVE-2026-44603LowMay 7, 2026
    risk 0.24cvss 3.7epss 0.00

    Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.

  • CVE-2026-45380LowJun 10, 2026
    risk 0.23cvss 3.6epss 0.00

    bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allows an attacker to craft a .7z archive that, when extracted with bit7z on any…

  • CVE-2026-44065MedMay 21, 2026
    risk 0.20cvss 4.2epss 0.00

    An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data.

  • CVE-2026-40254MedApr 24, 2026
    risk 0.20cvss 4.2epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in `channels/drive/client/drive_file.c`. The `contains_dotdot()` function catches `../` and `..\` mid-path but misses `..` when it's the last…

  • CVE-2026-52804medJun 23, 2026
    risk 0.19cvss epss 0.01

    ## Summary A repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the `ChangeCollaborationAccessMode` function. ## Vulnerable Code In `internal/database/repo_collaboration.go`, line 129: ```go func (r…

  • CVE-2026-43964LowMay 4, 2026
    risk 0.17cvss 3.7epss 0.00

    Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.

  • CVE-2026-43860LowMay 4, 2026
    risk 0.17cvss 3.7epss 0.00

    mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.

  • CVE-2026-5123LowMar 30, 2026
    risk 0.17cvss 3.7epss 0.00

    A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data[1] can lead to off-by-one. The attack may be launched remotely. Attacks of this nature are highly…