CWE-193
AllowedOff-by-one Error
Abstraction: Base · Status: Draft
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
255 vulnerabilities reference this CWE, most recent first.
GHSA-QFGM-256J-RGHM
Vulnerability from github – Published: 2024-12-24 12:30 – Updated: 2025-01-09 18:32In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: glink: fix off-by-one in connector_status
UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS. Correct the condition in the pmic_glink_ucsi_connector_status() callback, fixing Type-C orientation reporting for the third USB-C connector.
{
"affected": [],
"aliases": [
"CVE-2024-53149"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-24T12:15:23Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: glink: fix off-by-one in connector_status\n\nUCSI connector\u0027s indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS.\nCorrect the condition in the pmic_glink_ucsi_connector_status()\ncallback, fixing Type-C orientation reporting for the third USB-C\nconnector.",
"id": "GHSA-qfgm-256j-rghm",
"modified": "2025-01-09T18:32:13Z",
"published": "2024-12-24T12:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53149"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4a22918810980897393fa1776ea3877e4baf8cca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6ba6f7f29e0dff47a2799e60dcd1b5c29cd811a5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a2273e5c1beb285729aa001422967b4711c53fe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9a5a8b5bd72169aa7a8ec800ef57be2f2cb4d9b2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QVVC-RX46-M5X3
Vulnerability from github – Published: 2025-01-14 21:31 – Updated: 2025-01-14 21:31Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
{
"affected": [],
"aliases": [
"CVE-2024-48854"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T19:15:31Z",
"severity": "MODERATE"
},
"details": "Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.",
"id": "GHSA-qvvc-rx46-m5x3",
"modified": "2025-01-14T21:31:47Z",
"published": "2025-01-14T21:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48854"
},
{
"type": "WEB",
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QX25-M2GM-9QRC
Vulnerability from github – Published: 2025-10-14 21:30 – Updated: 2025-10-14 21:30In the Linux kernel, the following vulnerability has been resolved:
mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
If an mremap() syscall with old_size=0 ends up in move_page_tables(), it will call invalidate_range_start()/invalidate_range_end() unnecessarily, i.e. with an empty range.
This causes a WARN in KVM's mmu_notifier. In the past, empty ranges have been diagnosed to be off-by-one bugs, hence the WARNing. Given the low (so far) number of unique reports, the benefits of detecting more buggy callers seem to outweigh the cost of having to fix cases such as this one, where userspace is doing something silly. In this particular case, an early return from move_page_tables() is enough to fix the issue.
{
"affected": [],
"aliases": [
"CVE-2022-49077"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:45Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)\n\nIf an mremap() syscall with old_size=0 ends up in move_page_tables(), it\nwill call invalidate_range_start()/invalidate_range_end() unnecessarily,\ni.e. with an empty range.\n\nThis causes a WARN in KVM\u0027s mmu_notifier. In the past, empty ranges\nhave been diagnosed to be off-by-one bugs, hence the WARNing. Given the\nlow (so far) number of unique reports, the benefits of detecting more\nbuggy callers seem to outweigh the cost of having to fix cases such as\nthis one, where userspace is doing something silly. In this particular\ncase, an early return from move_page_tables() is enough to fix the\nissue.",
"id": "GHSA-qx25-m2gm-9qrc",
"modified": "2025-10-14T21:30:25Z",
"published": "2025-10-14T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49077"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/01e67e04c28170c47700c2c226d732bbfedb1ad0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/04bc13dae4a27b8d030843c85ae452bb2f1d9c1f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2358aa84ef6dafcf544a557caaa6b91afb4a0bd2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7d659cb1763ff17d1c6ee082fa6feb4267c7a30b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a04cb99c5d4668fe3f5c0e5b6da1cecd34c3f219"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a05540f3903bd8295e8c4cd90dd3d416239a115b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c19d8de4e682ec4b0ea2b04a832cd8cc0be3bb31"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e2c328c2a8f9de8b761bd4025b66c63120c55761"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eeaf28e2a0128147d687237e59d5407ee1b14693"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RCFG-8MWJ-24G2
Vulnerability from github – Published: 2022-05-01 01:56 – Updated: 2025-04-03 04:15Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
{
"affected": [],
"aliases": [
"CVE-2005-1268"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-08-05T04:00:00Z",
"severity": "MODERATE"
},
"details": "Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.",
"id": "GHSA-rcfg-8mwj-24g2",
"modified": "2025-04-03T04:15:59Z",
"published": "2022-05-01T01:56:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1268"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9589"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1747"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1714"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1346"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163013"
},
{
"type": "WEB",
"url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2005-582.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19072"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/19185"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/604"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1"
},
{
"type": "WEB",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2005/dsa-805"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:129"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2005_46_apache.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/14366"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2006/0789"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RG88-8376-6JQQ
Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.
{
"affected": [],
"aliases": [
"CVE-2010-1773"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-09-24T19:00:00Z",
"severity": "HIGH"
},
"details": "Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.",
"id": "GHSA-rg88-8376-6jqq",
"modified": "2022-05-13T01:23:33Z",
"published": "2022-05-13T01:23:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1773"
},
{
"type": "WEB",
"url": "https://bugs.webkit.org/show_bug.cgi?id=39508"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596500"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11830"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=44955"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40072"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40557"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/41856"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43068"
},
{
"type": "WEB",
"url": "http://trac.webkit.org/changeset/59950"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/41575"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1801"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0552"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RHRF-XRQ9-3H4H
Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
{
"affected": [],
"aliases": [
"CVE-2020-11765"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-14T23:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.",
"id": "GHSA-rhrf-xrq9-3h4h",
"modified": "2022-05-24T17:14:44Z",
"published": "2022-05-24T17:14:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11765"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1987"
},
{
"type": "WEB",
"url": "https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020"
},
{
"type": "WEB",
"url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-27"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211288"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211289"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211290"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211291"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211293"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211294"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT211295"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4339-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4755"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V222-HVCR-RGHC
Vulnerability from github – Published: 2026-06-26 21:32 – Updated: 2026-07-06 21:30In the Linux kernel, the following vulnerability has been resolved:
tty: hvc_iucv: fix off-by-one in number of supported devices
MAX_HVC_IUCV_LINES == HVC_ALLOC_TTY_ADAPTERS == 8. This is the number of entries in: static struct hvc_iucv_private *hvc_iucv_table[MAX_HVC_IUCV_LINES];
Sometimes hvc_iucv_table[] is limited by: (a) if (num > hvc_iucv_devices) // for error detection or (b) for (i = 0; i < hvc_iucv_devices; i++) // in 2 places (so these 2 don't agree; second one appears to be correct to me.)
hvc_iucv_devices can be 0..8. This is a counter. (c) if (hvc_iucv_devices > MAX_HVC_IUCV_LINES)
If hvc_iucv_devices == 8, (a) allows the code to access hvc_iucv_table[8]. Oops.
{
"affected": [],
"aliases": [
"CVE-2026-53306"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-26T20:17:23Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: hvc_iucv: fix off-by-one in number of supported devices\n\nMAX_HVC_IUCV_LINES == HVC_ALLOC_TTY_ADAPTERS == 8.\nThis is the number of entries in:\n static struct hvc_iucv_private *hvc_iucv_table[MAX_HVC_IUCV_LINES];\n\nSometimes hvc_iucv_table[] is limited by:\n(a)\tif (num \u003e hvc_iucv_devices) // for error detection\nor\n(b)\tfor (i = 0; i \u003c hvc_iucv_devices; i++) // in 2 places\n(so these 2 don\u0027t agree; second one appears to be correct to me.)\n\nhvc_iucv_devices can be 0..8. This is a counter.\n(c)\tif (hvc_iucv_devices \u003e MAX_HVC_IUCV_LINES)\n\nIf hvc_iucv_devices == 8, (a) allows the code to access hvc_iucv_table[8].\nOops.",
"id": "GHSA-v222-hvcr-rghc",
"modified": "2026-07-06T21:30:25Z",
"published": "2026-06-26T21:32:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53306"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/11207e42a332eb8bbcb9fe74df9edd2a807c5607"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3104a3f40feb107f77d7116ad9bf6c210ab7babf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3d3b89e6ab93bdd0efd45828bda6b0e61cc46dff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/484357dff256c816d9466bda35eb765685e4dc86"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a76511bc654819425d3b15e77b523d7f9d81f064"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f1dc8e72de9aabe5d96767a4e97219ac26b79fe5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f2a880e802ad12d1e38039d1334fb1475d0f5241"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fed8b8f33a46db0ee2efdb000f4f630c86ed8ca4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V44F-645W-4JRH
Vulnerability from github – Published: 2022-03-03 00:00 – Updated: 2022-03-17 00:04An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file.
{
"affected": [],
"aliases": [
"CVE-2022-25051"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-02T00:15:00Z",
"severity": "MODERATE"
},
"details": "An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file.",
"id": "GHSA-v44f-645w-4jrh",
"modified": "2022-03-17T00:04:20Z",
"published": "2022-03-03T00:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25051"
},
{
"type": "WEB",
"url": "https://github.com/merbanan/rtl_433/issues/1960"
},
{
"type": "WEB",
"url": "https://github.com/merbanan/rtl_433/commit/2dad7b9fc67a1d0bfbe520fbd821678b8f8cc7a8"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/78eee103-bd61-4b4f-b054-04ad996b39e7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VFCH-2FR8-R5C2
Vulnerability from github – Published: 2022-08-25 00:00 – Updated: 2025-12-02 21:31A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
{
"affected": [],
"aliases": [
"CVE-2021-3999"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-24T16:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.",
"id": "GHSA-vfch-2fr8-r5c2",
"modified": "2025-12-02T21:31:24Z",
"published": "2022-08-25T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3999"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:0896"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2021-3999"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024637"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-3999"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20221104-0001"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28769"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2022/01/24/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VG34-58MC-JR2W
Vulnerability from github – Published: 2022-05-17 02:01 – Updated: 2022-05-17 02:01Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.
{
"affected": [],
"aliases": [
"CVE-2011-1027"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-03-20T02:00:00Z",
"severity": "MODERATE"
},
"details": "Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.",
"id": "GHSA-vg34-58mc-jr2w",
"modified": "2022-05-17T02:01:29Z",
"published": "2022-05-17T02:01:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1027"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680905"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65919"
},
{
"type": "WEB",
"url": "http://article.gmane.org/gmane.comp.version-control.git/168493"
},
{
"type": "WEB",
"url": "http://hjemli.net/git/cgit/commit/?h=stable\u0026id=fc384b16fb9787380746000d3cea2d53fccc548e"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055896.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055898.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055966.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/03/07/3"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43633"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43788"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/71005"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/46756"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0667"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
When copying character arrays or using character manipulation methods, the correct size parameter must be used to account for the null terminator that needs to be added at the end of the array. Some examples of functions susceptible to this weakness in C include strcpy(), strncpy(), strcat(), strncat(), printf(), sprintf(), scanf() and sscanf().
No CAPEC attack patterns related to this CWE.