CVEbaza.plSłownik CWECWE-193
Common Weakness Enumeration

CWE-193

Off-by-one Error

Kategoria: BaseCVE: 243
Opis

Produkt oblicza lub używa nieprawidłową wartość maksymalną lub minimalną, która jest o 1 większa lub o 1 mniejsza od prawidłowej wartości. Tego typu błędy powodują niedokładne przetwarzanie danych i mogą prowadzić do nieoczekiwanych zachowań programu.

Description (EN)

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Podatności CVE z CWE-193 (243)
10.0
CVSS
CRITICAL
CVE-2024-10442

Krytyczna podatność typu off-by-one error w komponencie transmisji usług Synology Replication Service oraz Synology Unified Controller umożliwia zdalnym atakującym wykonanie dowolnego kodu bez uwierzytelnienia. Podatność uzyskała maksymalny wynik CVSS 10.0, co wskazuje na możliwość szerokiego wpływu na cały system.

pub. 2025-03-19
9.8
CVSS
CRITICAL
CVE-2026-48689

FastNetMon Community Edition w wersji do 1.2.9 zawiera błąd off-by-one prowadzący do heap-based buffer overflow w klasie dynamic_binary_buffer_t. Podatność pozwala atakującemu na zdalne wykonanie kodu przez wysłanie spreparowanego ruchu sieciowego do instancji FastNetMon.

pub. 2026-05-26
9.8
CVSS
CRITICAL
CVE-2006-10003

Biblioteka XML::Parser dla języka Perl w wersjach do 2.47 zawiera błąd off-by-one prowadzący do przepełnienia bufora na stercie (heap buffer overflow). Podatność umożliwia atakującemu zdalnie wykonanie dowolnego kodu bez żadnego uwierzytelnienia.

pub. 2026-03-19
9.8
CVSS
CRITICAL
CVE-2024-38441

Podatność w Netatalk przed wersją 3.2.1 powoduje przepełnienie bufora sterty (heap-based buffer overflow) wynikające z błędu off-by-one w funkcji FPMapName. Luka umożliwia zdalnemu, nieuwierzytelnionemu atakującemu przejęcie kontroli nad systemem, co czyni ją krytyczną.

pub. 2024-06-16
9.8
CVSS
CRITICAL
CVE-2023-46853

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.

pub. 2023-10-27
9.8
CVSS
CRITICAL
CVE-2023-38429

An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.

pub. 2023-07-18
9.8
CVSS
CRITICAL
CVE-2023-30546

Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the storage of data (file os/storage/antelope/storage-cfs.c). In the functions `storage_get_index` and `storage_put_index`, a buffer for merging two strings is allocated with one byte less than the maximum size of the merged strings, causing subsequent function calls to the cfs_open function to read from memory beyond the buffer size. The vulnerability has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. As a workaround, the problem can be fixed by applying the patch in Contiki-NG pull request #2425.

pub. 2023-04-26
9.8
CVSS
CRITICAL
CVE-2022-34970

Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service.

pub. 2022-08-04
9.8
CVSS
CRITICAL
CVE-2021-21938

A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

pub. 2022-04-14
9.8
CVSS
CRITICAL
CVE-2022-24988

In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector.

pub. 2022-02-14
9.8
CVSS
CRITICAL
CVE-2021-31875

In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact."

pub. 2021-04-29
9.8
CVSS
CRITICAL
CVE-2020-14510

GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root.

pub. 2020-08-25
9.8
CVSS
CRITICAL
CVE-2020-8443

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).

pub. 2020-01-30
9.8
CVSS
CRITICAL
CVE-2020-6835

An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking.

pub. 2020-01-10
9.8
CVSS
CRITICAL
CVE-2019-14532

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.

pub. 2019-08-02
9.8
CVSS
CRITICAL
CVE-2019-8268

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.

pub. 2019-03-08
9.8
CVSS
CRITICAL
CVE-2019-8272

UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

pub. 2019-03-08
9.8
CVSS
CRITICAL
CVE-2018-14599

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.

pub. 2018-08-24
9.8
CVSS
CRITICAL
CVE-2018-8828

A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.

pub. 2018-03-20
9.8
CVSS
CRITICAL
CVE-2016-10160

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.

pub. 2017-01-24
Pokazano 20 z 243 podatności
Informacje
ID: CWE-193
Typ: Base
Podatności: 243
MITRE CWE ↗
← Słownik CWE
CWE-193 — Błąd przesunięcia o jeden (Off-by-one Error) | Słownik CWE | CVEbaza.pl