CWE-193
AllowedOff-by-one Error
Abstraction: Base · Status: Draft
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
256 vulnerabilities reference this CWE, most recent first.
GHSA-JXC5-X72R-W93V
Vulnerability from github – Published: 2024-08-14 03:31 – Updated: 2024-08-14 03:31An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
{
"affected": [],
"aliases": [
"CVE-2024-36136"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-14T03:15:04Z",
"severity": "HIGH"
},
"details": "An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.",
"id": "GHSA-jxc5-x72r-w93v",
"modified": "2024-08-14T03:31:09Z",
"published": "2024-08-14T03:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36136"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JXV8-P782-98CX
Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-25 18:31fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.
{
"affected": [],
"aliases": [
"CVE-2026-34085"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T17:17:09Z",
"severity": "MODERATE"
},
"details": "fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.",
"id": "GHSA-jxv8-p782-98cx",
"modified": "2026-03-25T18:31:55Z",
"published": "2026-03-25T18:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34085"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/fontconfig/fontconfig/-/commit/b9bec06d73340f1b5727302d13ac3df307b7febc"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/446"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/fontconfig/fontconfig/-/work_items/481"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-M3CP-9JQ6-3GG3
Vulnerability from github – Published: 2026-01-23 18:31 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
dm-verity: disable recursive forward error correction
There are two problems with the recursive correction:
-
It may cause denial-of-service. In fec_read_bufs, there is a loop that has 253 iterations. For each iteration, we may call verity_hash_for_block recursively. There is a limit of 4 nested recursions - that means that there may be at most 253^4 (4 billion) iterations. Red Hat QE team actually created an image that pushes dm-verity to this limit - and this image just makes the udev-worker process get stuck in the 'D' state.
-
It doesn't work. In fec_read_bufs we store data into the variable "fio->bufs", but fio bufs is shared between recursive invocations, if "verity_hash_for_block" invoked correction recursively, it would overwrite partially filled fio->bufs.
{
"affected": [],
"aliases": [
"CVE-2025-71161"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-23T16:15:53Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-verity: disable recursive forward error correction\n\nThere are two problems with the recursive correction:\n\n1. It may cause denial-of-service. In fec_read_bufs, there is a loop that\nhas 253 iterations. For each iteration, we may call verity_hash_for_block\nrecursively. There is a limit of 4 nested recursions - that means that\nthere may be at most 253^4 (4 billion) iterations. Red Hat QE team\nactually created an image that pushes dm-verity to this limit - and this\nimage just makes the udev-worker process get stuck in the \u0027D\u0027 state.\n\n2. It doesn\u0027t work. In fec_read_bufs we store data into the variable\n\"fio-\u003ebufs\", but fio bufs is shared between recursive invocations, if\n\"verity_hash_for_block\" invoked correction recursively, it would\noverwrite partially filled fio-\u003ebufs.",
"id": "GHSA-m3cp-9jq6-3gg3",
"modified": "2026-07-14T15:31:32Z",
"published": "2026-01-23T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71161"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/232948cf600fba69aff36b25d85ef91a73a35756"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4220cb37406915c926c0e4a3dbab77cd9cceeb1e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/897d9006e75f46f8bd7df78faa424327ae6a4bcf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8b821ca892cfeeaf0bedc9fc72717294f67144d5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d9f3e47d3fae0c101d9094bc956ed24e7a0ee801"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e227d2b229c7529bd98d348efc55262ccf24ab35"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M47Q-4224-6RVC
Vulnerability from github – Published: 2026-05-07 06:31 – Updated: 2026-05-07 06:31Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.
{
"affected": [],
"aliases": [
"CVE-2026-44603"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-07T04:16:35Z",
"severity": "LOW"
},
"details": "Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.",
"id": "GHSA-m47q-4224-6rvc",
"modified": "2026-05-07T06:31:42Z",
"published": "2026-05-07T06:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44603"
},
{
"type": "WEB",
"url": "https://forum.torproject.org/c/news/tor-release-announcement/28"
},
{
"type": "WEB",
"url": "https://gitlab.torproject.org/tpo/core/tor/-/commit/1703df3d439c83c2184e259fad1cfa19240f9c89"
},
{
"type": "WEB",
"url": "https://gitlab.torproject.org/tpo/core/tor/-/work_items/41245"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2026/05/06/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-M9R6-94F7-4J6M
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-12-26 18:30In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v3-its: Fix potential VPE leak on error
In its_vpe_irq_domain_alloc, when its_vpe_init() returns an error, there is an off-by-one in the number of VPEs to be freed.
Fix it by simply passing the number of VPEs allocated, which is the index of the loop iterating over the VPEs.
[maz: fixed commit message]
{
"affected": [],
"aliases": [
"CVE-2021-47373"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:23Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3-its: Fix potential VPE leak on error\n\nIn its_vpe_irq_domain_alloc, when its_vpe_init() returns an error,\nthere is an off-by-one in the number of VPEs to be freed.\n\nFix it by simply passing the number of VPEs allocated, which is the\nindex of the loop iterating over the VPEs.\n\n[maz: fixed commit message]",
"id": "GHSA-m9r6-94f7-4j6m",
"modified": "2024-12-26T18:30:33Z",
"published": "2024-05-21T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47373"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/280bef512933b2dda01d681d8cbe499b98fc5bdd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/42d3711c23781045e7a5cd28536c774b9a66d20b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/568662e37f927e3dc3e475f3ff7cf4ab7719c5e7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5701e8bff314c155e7afdc467b1e0389d86853d0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7d39992d45acd6f2d6b2f62389c55b61fb3d486b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e0c1c2e5da19685a20557a50f10c6aa4fa26aa84"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MC4G-XGV8-54R7
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
{
"affected": [],
"aliases": [
"CVE-2010-3454"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-01-28T22:00:00Z",
"severity": "HIGH"
},
"details": "Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.",
"id": "GHSA-mc4g-xgv8-54r7",
"modified": "2022-05-13T01:03:56Z",
"published": "2022-05-13T01:03:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3454"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=640954"
},
{
"type": "WEB",
"url": "http://osvdb.org/70715"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40775"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42999"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43065"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43105"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43118"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60799"
},
{
"type": "WEB",
"url": "http://ubuntu.com/usn/usn-1056-1"
},
{
"type": "WEB",
"url": "http://www.cs.brown.edu/people/drosenbe/research.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2151"
},
{
"type": "WEB",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
},
{
"type": "WEB",
"url": "http://www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0181.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/46031"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1025002"
},
{
"type": "WEB",
"url": "http://www.vsecurity.com/resources/advisory/20110126-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0232"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0279"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MFC2-6J6Q-99VP
Vulnerability from github – Published: 2026-06-24 18:32 – Updated: 2026-07-15 15:32In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64: Fix off-by-one in check_imm signed range check
check_imm(bits, imm) is used in the arm64 BPF JIT to verify that a branch displacement (in arm64 instruction units) fits into the signed N-bit immediate field of a B, B.cond or CBZ/CBNZ encoding before it is handed to the encoder. The macro currently tests for (imm > 0 && imm >> bits) || (imm < 0 && ~imm >> bits) which admits values in [-2^N, 2^N) — effectively a signed (N+1)-bit range. A signed N-bit field only holds [-2^(N-1), 2^(N-1)), so the check admits one extra bit of range on each side.
In particular, for check_imm19(), values in [2^18, 2^19) slip past the check but do not fit into the 19-bit signed imm19 field of B.cond. aarch64_insn_encode_immediate() then masks the raw value into the 19-bit field, setting bit 18 (the sign bit) and flipping a forward branch into a backward one. Same class of issue exists for check_imm26() and the B/BL encoding. Shift by (bits - 1) instead of bits so the actual signed N-bit range is enforced.
{
"affected": [],
"aliases": [
"CVE-2026-53036"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T17:17:15Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Fix off-by-one in check_imm signed range check\n\ncheck_imm(bits, imm) is used in the arm64 BPF JIT to verify that\na branch displacement (in arm64 instruction units) fits into the\nsigned N-bit immediate field of a B, B.cond or CBZ/CBNZ encoding\nbefore it is handed to the encoder. The macro currently tests for\n(imm \u003e 0 \u0026\u0026 imm \u003e\u003e bits) || (imm \u003c 0 \u0026\u0026 ~imm \u003e\u003e bits) which admits\nvalues in [-2^N, 2^N) \u2014 effectively a signed (N+1)-bit range. A\nsigned N-bit field only holds [-2^(N-1), 2^(N-1)), so the check\nadmits one extra bit of range on each side.\n\nIn particular, for check_imm19(), values in [2^18, 2^19) slip past\nthe check but do not fit into the 19-bit signed imm19 field of\nB.cond. aarch64_insn_encode_immediate() then masks the raw value\ninto the 19-bit field, setting bit 18 (the sign bit) and flipping\na forward branch into a backward one. Same class of issue exists\nfor check_imm26() and the B/BL encoding. Shift by (bits - 1)\ninstead of bits so the actual signed N-bit range is enforced.",
"id": "GHSA-mfc2-6j6q-99vp",
"modified": "2026-07-15T15:32:45Z",
"published": "2026-06-24T18:32:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53036"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1a113b5497297871699cd498b1b83542e0db7f15"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1dd8be4ec722ce54e4cace59f3a4ba658111b3ec"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6927f0d6794aa73318bbfa929f1ff6065b0620df"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7fd3b41260c6120e7b60164afea5d961af6224f9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a5dfeb3b61065039488342d43ae06d4729d955d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb74defa1cca1a73177c0c761e641332e4f979a3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MX97-6HP9-H76Q
Vulnerability from github – Published: 2024-08-17 12:30 – Updated: 2024-08-20 21:30In the Linux kernel, the following vulnerability has been resolved:
hwmon: (ltc2991) re-order conditions to fix off by one bug
LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL (4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we have read one element beyond the end of the array. Flip the conditions around so that we check if "channel" is valid before using it as an array index.
{
"affected": [],
"aliases": [
"CVE-2024-43852"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T10:15:10Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ltc2991) re-order conditions to fix off by one bug\n\nLTC2991_T_INT_CH_NR is 4. The st-\u003etemp_en[] array has LTC2991_MAX_CHANNEL\n(4) elements. Thus if \"channel\" is equal to LTC2991_T_INT_CH_NR then we\nhave read one element beyond the end of the array. Flip the conditions\naround so that we check if \"channel\" is valid before using it as an array\nindex.",
"id": "GHSA-mx97-6hp9-h76q",
"modified": "2024-08-20T21:30:32Z",
"published": "2024-08-17T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43852"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MX9G-MG46-CF6G
Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2024-02-08 03:32Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2001-1496"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2001-12-31T05:00:00Z",
"severity": "HIGH"
},
"details": "Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.",
"id": "GHSA-mx9g-mg46-cf6g",
"modified": "2024-02-08T03:32:42Z",
"published": "2022-04-30T18:18:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1496"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7595"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/241310"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/241953"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/3562"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXVH-95QR-WW4V
Vulnerability from github – Published: 2022-04-29 01:26 – Updated: 2024-02-16 21:31Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.
{
"affected": [],
"aliases": [
"CVE-2003-0356"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2003-06-09T04:00:00Z",
"severity": "HIGH"
},
"details": "Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.",
"id": "GHSA-mxvh-95qr-ww4v",
"modified": "2024-02-16T21:31:28Z",
"published": "2022-04-29T01:26:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0356"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A69"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2003/dsa-313"
},
{
"type": "WEB",
"url": "http://www.ethereal.com/appnotes/enpa-sa-00009.html"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/641013"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:067"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2003-077.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
When copying character arrays or using character manipulation methods, the correct size parameter must be used to account for the null terminator that needs to be added at the end of the array. Some examples of functions susceptible to this weakness in C include strcpy(), strncpy(), strcat(), strncat(), printf(), sprintf(), scanf() and sscanf().
No CAPEC attack patterns related to this CWE.