CWE-193
AllowedOff-by-one Error
Abstraction: Base · Status: Draft
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
256 vulnerabilities reference this CWE, most recent first.
GHSA-6M97-7527-MH74
Vulnerability from github – Published: 2023-12-13 13:18 – Updated: 2024-11-22 20:41Impact
contracts containing large arrays might underallocate the number of slots they need. prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceil(type_.size_in_bytes / 32):
https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197
the intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. roughly speaking, if type_.size_in_bytes is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed. if type_.size_in_bytes is slightly more than a power of 2, the calculation can underestimate how many slots are needed.
the following two example contracts can result in overwriting of the variable vulnerable:
large_array: address[2**64 + 1] # type_.size_in_bytes == 32 * (2**64 + 1); math.ceil(type_.size_in_bytes / 32) < 2**64 + 1
vulnerable: uint256
# writing to self.large_array[2**64] will overwrite self.vulnerable
large_dynarray: DynArray[address, 2**64] # Dynarray has a length word in front, its size in bytes is 32 * (2**64 + 1)
vulnerable: uint256
# writing to self.large_dynarray[2**64 - 1] will overwrite self.vulnerable
note that in the latter case, the risk of vulnerable being overwritten is relatively small, since it would cost roughly $1.45 million trillion USD at today's gas prices (gas price 20gwei, ETH ~= $1800) in order to extend the DynArray to its full container size.
Patches
patched by v0.3.8, specifically in commit https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.3.7"
},
"package": {
"ecosystem": "PyPI",
"name": "vyper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-46247"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-13T13:18:52Z",
"nvd_published_at": "2023-12-13T20:15:49Z",
"severity": "HIGH"
},
"details": "### Impact\ncontracts containing large arrays might underallocate the number of slots they need. prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`:\n\nhttps://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197\n\nthe intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. roughly speaking, if `type_.size_in_bytes` is large (\u003e 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed. if `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed.\n\nthe following two example contracts can result in overwriting of the variable `vulnerable`:\n```vyper\nlarge_array: address[2**64 + 1] # type_.size_in_bytes == 32 * (2**64 + 1); math.ceil(type_.size_in_bytes / 32) \u003c 2**64 + 1\nvulnerable: uint256\n\n# writing to self.large_array[2**64] will overwrite self.vulnerable\n```\n```vyper\nlarge_dynarray: DynArray[address, 2**64] # Dynarray has a length word in front, its size in bytes is 32 * (2**64 + 1)\nvulnerable: uint256\n\n# writing to self.large_dynarray[2**64 - 1] will overwrite self.vulnerable\n```\n\nnote that in the latter case, the risk of `vulnerable` being overwritten is relatively small, since it would cost roughly $1.45 million trillion USD at today\u0027s gas prices (gas price 20gwei, ETH ~= $1800) in order to extend the DynArray to its full container size.\n\n### Patches\npatched by v0.3.8, specifically in commit https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb.",
"id": "GHSA-6m97-7527-mh74",
"modified": "2024-11-22T20:41:02Z",
"published": "2023-12-13T13:18:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46247"
},
{
"type": "WEB",
"url": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/vyper/PYSEC-2023-307.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/vyperlang/vyper"
},
{
"type": "WEB",
"url": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "incorrect storage layout for contracts containing large arrays"
}
GHSA-6MX7-79GG-F646
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2022-05-24 16:52An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.
{
"affected": [],
"aliases": [
"CVE-2019-14532"
],
"database_specific": {
"cwe_ids": [
"CWE-191",
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-02T15:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.",
"id": "GHSA-6mx7-79gg-f646",
"modified": "2022-05-24T16:52:21Z",
"published": "2022-05-24T16:52:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14532"
},
{
"type": "WEB",
"url": "https://github.com/sleuthkit/sleuthkit/issues/1575"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EY53OYU7UZLAJWNIVVNR3EX2RNCCFTB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQR2QY3IAF2IG6HGBSKGL66VUDOTC3OA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFQKIE5U3LS5U7POPGS7YHLUSW2URWGJ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6XW6-4HXH-3V2W
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory.
{
"affected": [],
"aliases": [
"CVE-2020-27736"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-170",
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-22T21:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in Nucleus 4 (All versions \u003c V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions \u003c V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory.",
"id": "GHSA-6xw6-4hxh-3v2w",
"modified": "2022-05-24T17:48:18Z",
"published": "2022-05-24T17:48:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27736"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-774M-FHGF-HRHC
Vulnerability from github – Published: 2022-04-29 01:26 – Updated: 2024-02-15 21:31Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response.
{
"affected": [],
"aliases": [
"CVE-2003-0625"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2003-08-27T04:00:00Z",
"severity": "MODERATE"
},
"details": "Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server\u0027s response.",
"id": "GHSA-774m-fhgf-hrhc",
"modified": "2024-02-15T21:31:22Z",
"published": "2022-04-29T01:26:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0625"
},
{
"type": "WEB",
"url": "http://developer.berlios.de/forum/forum.php?forum_id=2819"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=105941103709264\u0026w=2"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2003/dsa-360"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/8255"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7HCC-G6HM-H786
Vulnerability from github – Published: 2022-04-30 18:17 – Updated: 2024-02-02 03:30Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.
{
"affected": [],
"aliases": [
"CVE-2001-1391"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2001-04-17T04:00:00Z",
"severity": "LOW"
},
"details": "Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.",
"id": "GHSA-7hcc-g6hm-h786",
"modified": "2024-02-02T03:30:27Z",
"published": "2022-04-30T18:17:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1391"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11162"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2001/dsa-047"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=98575345009963\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=98637996127004\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=98653252326445\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=98684172109474\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=98759029811377\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=98775114228203\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=99013830726309\u0026w=2"
},
{
"type": "WEB",
"url": "http://www.linux.org.uk/VERSION/relnotes.2219.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2001-047.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7HCX-RXP8-J55G
Vulnerability from github – Published: 2022-05-01 17:59 – Updated: 2025-04-09 03:40Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
{
"affected": [],
"aliases": [
"CVE-2007-2052"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2007-04-16T22:19:00Z",
"severity": "MODERATE"
},
"details": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.",
"id": "GHSA-7hcx-rxp8-j55g",
"modified": "2025-04-09T03:40:15Z",
"published": "2022-05-01T17:59:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2052"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060"
},
{
"type": "WEB",
"url": "https://issues.rpath.com/browse/RPL-1358"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934"
},
{
"type": "WEB",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25190"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25217"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25233"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25353"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25787"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/28027"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/28050"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29032"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29303"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29889"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31255"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31492"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37471"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2008/dsa-1551"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2008/dsa-1620"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
},
{
"type": "WEB",
"url": "http://www.python.org/download/releases/2.5.1/NEWS.txt"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/469294/30/6450/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/23887"
},
{
"type": "WEB",
"url": "http://www.trustix.org/errata/2007/0019"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-585-1"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1465"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/0637"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7M35-VW2C-696V
Vulnerability from github – Published: 2025-04-21 03:30 – Updated: 2026-03-12 17:22An issue was discovered in GoBGP before 3.35.0 (introduced in v3.11.0). pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/osrg/gobgp/v3"
},
"ranges": [
{
"events": [
{
"introduced": "3.11.0"
},
{
"fixed": "3.35.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-43971"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-21T21:55:26Z",
"nvd_published_at": "2025-04-21T01:15:45Z",
"severity": "HIGH"
},
"details": "An issue was discovered in GoBGP before 3.35.0 (introduced in v3.11.0). pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.",
"id": "GHSA-7m35-vw2c-696v",
"modified": "2026-03-12T17:22:08Z",
"published": "2025-04-21T03:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43971"
},
{
"type": "WEB",
"url": "https://github.com/osrg/gobgp/commit/08a001e06d90e8bcc190084c66992f46f62c0986"
},
{
"type": "PACKAGE",
"url": "https://github.com/osrg/gobgp"
},
{
"type": "WEB",
"url": "https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2025-43971"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "GoBGP panics due to a zero value for softwareVersionLen"
}
GHSA-83P9-MCPM-374V
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
{
"affected": [],
"aliases": [
"CVE-2021-23017"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-01T13:15:00Z",
"severity": "CRITICAL"
},
"details": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.",
"id": "GHSA-83p9-mcpm-374v",
"modified": "2022-05-24T19:03:49Z",
"published": "2022-05-24T19:03:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23017"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210708-0006"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K12331123,"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-8499-WHQ2-XRRF
Vulnerability from github – Published: 2026-05-04 09:31 – Updated: 2026-05-04 09:31mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.
{
"affected": [],
"aliases": [
"CVE-2026-43860"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-04T07:16:00Z",
"severity": "LOW"
},
"details": "mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.",
"id": "GHSA-8499-whq2-xrrf",
"modified": "2026-05-04T09:31:09Z",
"published": "2026-05-04T09:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43860"
},
{
"type": "WEB",
"url": "https://github.com/muttmua/mutt/commit/834c5a2ed0479e51e8662a31caed129f136f4805"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-84G5-X8J3-7235
Vulnerability from github – Published: 2026-04-29 22:22 – Updated: 2026-04-29 22:22Summary
Rules could be bypassed by changing the first character: example.com could be be bypassed by e.g. fxample.com.
Details
Off-by-one error in the suffixtrie implementation.
Impact
The domain filter could be bypassed. Please note that DNS filtering alone is not enough to block malicious traffic.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/tinfoil-factory/netfoil"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-183",
"CWE-193"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-29T22:22:16Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nRules could be bypassed by changing the first character: `example.com` could be be bypassed by e.g. `fxample.com`.\n\n### Details\nOff-by-one error in the suffixtrie implementation.\n\n### Impact\nThe domain filter could be bypassed. Please note that DNS filtering alone is not enough to block malicious traffic.",
"id": "GHSA-84g5-x8j3-7235",
"modified": "2026-04-29T22:22:16Z",
"published": "2026-04-29T22:22:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tinfoil-factory/netfoil/security/advisories/GHSA-84g5-x8j3-7235"
},
{
"type": "WEB",
"url": "https://github.com/tinfoil-factory/netfoil/commit/0ca054acf97b011e4fdd40392475c7786b975ec3"
},
{
"type": "PACKAGE",
"url": "https://github.com/tinfoil-factory/netfoil"
},
{
"type": "WEB",
"url": "https://github.com/tinfoil-factory/netfoil/releases/tag/v0.2.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Netfoil has incorrect allowlist enforcement"
}
Mitigation
When copying character arrays or using character manipulation methods, the correct size parameter must be used to account for the null terminator that needs to be added at the end of the array. Some examples of functions susceptible to this weakness in C include strcpy(), strncpy(), strcat(), strncat(), printf(), sprintf(), scanf() and sscanf().
No CAPEC attack patterns related to this CWE.