Common Weakness Enumeration

CWE-193

Allowed

Off-by-one Error

Abstraction: Base · Status: Draft

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

256 vulnerabilities reference this CWE, most recent first.

GHSA-8745-Q6HH-2437

Vulnerability from github – Published: 2025-03-19 03:30 – Updated: 2025-03-19 03:30
VLAI
Details

Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10442"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-19T03:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.",
  "id": "GHSA-8745-q6hh-2437",
  "modified": "2025-03-19T03:30:35Z",
  "published": "2025-03-19T03:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10442"
    },
    {
      "type": "WEB",
      "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_22"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-899X-JHM8-PC3M

Vulnerability from github – Published: 2022-04-29 02:57 – Updated: 2024-02-02 03:30
VLAI
Details

Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2004-0346"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-11-23T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.",
  "id": "GHSA-899x-jhm8-pc3m",
  "modified": "2024-02-02T03:30:30Z",
  "published": "2022-04-29T02:57:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0346"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15387"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=107824679817240\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/9782"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8G6H-GJ49-CM84

Vulnerability from github – Published: 2022-05-02 03:22 – Updated: 2022-05-02 03:22
VLAI
Details

Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-1217"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-01T18:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the \"Microsoft GdiPlus EMF GpFont.SetData integer overflow.\"",
  "id": "GHSA-8g6h-gj49-cm84",
  "modified": "2022-05-02T03:22:45Z",
  "published": "2022-05-02T03:22:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1217"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49438"
    },
    {
      "type": "WEB",
      "url": "http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exploitable-for-code-execution.aspx"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34250"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0832"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-8P7J-VHGR-RCW5

Vulnerability from github – Published: 2026-06-25 21:31 – Updated: 2026-06-25 21:31
VLAI
Details

RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause denial of service or crash RTKLIB rovers and CORS servers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56787"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T19:16:45Z",
    "severity": "MODERATE"
  },
  "details": "RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause denial of service or crash RTKLIB rovers and CORS servers.",
  "id": "GHSA-8p7j-vhgr-rcw5",
  "modified": "2026-06-25T21:31:30Z",
  "published": "2026-06-25T21:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56787"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tomojitakasu/RTKLIB/issues/798"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/rtklib-off-by-one-out-of-bounds-read-in-decode-ssr3-via-rtcm3-ssr-message"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8XX8-QRH3-Q8MQ

Vulnerability from github – Published: 2025-08-03 03:30 – Updated: 2025-11-03 21:34
VLAI
Details

In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54349"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-03T02:15:35Z",
    "severity": "MODERATE"
  },
  "details": "In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.",
  "id": "GHSA-8xx8-qrh3-q8mq",
  "modified": "2025-11-03T21:34:17Z",
  "published": "2025-08-03T03:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54349"
    },
    {
      "type": "WEB",
      "url": "https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/esnet/iperf/releases/tag/3.19.1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-94J5-29M8-F8JQ

Vulnerability from github – Published: 2024-09-05 06:31 – Updated: 2024-09-05 15:33
VLAI
Details

An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller.

A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-32668"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-05T05:15:13Z",
    "severity": "HIGH"
  },
  "details": "An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller.\n\nA malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.",
  "id": "GHSA-94j5-29m8-f8jq",
  "modified": "2024-09-05T15:33:35Z",
  "published": "2024-09-05T06:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32668"
    },
    {
      "type": "WEB",
      "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:12.bhyve.asc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9P8Q-J6Q5-MJW8

Vulnerability from github – Published: 2022-02-15 00:02 – Updated: 2022-02-25 15:29
VLAI
Summary
Buffer Overflow in galois_2p8
Details

In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "galois_2p8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24988"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120",
      "CWE-193"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-25T15:29:16Z",
    "nvd_published_at": "2022-02-14T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector.",
  "id": "GHSA-9p8q-j6q5-mjw8",
  "modified": "2022-02-25T15:29:16Z",
  "published": "2022-02-15T00:02:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24988"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/djsweet/galois_2p8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/djsweet/galois_2p8/blob/master/CHANGELOG.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Buffer Overflow in galois_2p8"
}

GHSA-9R6Q-3R52-HH42

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-25 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix off by one issue in alloc_flex_gd()

Wesley reported an issue:

================================================================== EXT4-fs (dm-5): resizing filesystem from 7168 to 786432 blocks ------------[ cut here ]------------ kernel BUG at fs/ext4/resize.c:324! CPU: 9 UID: 0 PID: 3576 Comm: resize2fs Not tainted 6.11.0+ #27 RIP: 0010:ext4_resize_fs+0x1212/0x12d0 Call Trace: __ext4_ioctl+0x4e0/0x1800 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0x99/0xd0 x64_sys_call+0x1206/0x20d0 do_syscall_64+0x72/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e ==================================================================

While reviewing the patch, Honza found that when adjusting resize_bg in alloc_flex_gd(), it was possible for flex_gd->resize_bg to be bigger than flexbg_size.

The reproduction of the problem requires the following:

o_group = flexbg_size * 2 * n; o_size = (o_group + 1) * group_size; n_group: [o_group + flexbg_size, o_group + flexbg_size * 2) o_size = (n_group + 1) * group_size;

Take n=0,flexbg_size=16 as an example:

          last:15

|o---------------|--------------n-| o_group:0 resize to n_group:30

The corresponding reproducer is:

img=test.img rm -f $img truncate -s 600M $img mkfs.ext4 -F $img -b 1024 -G 16 8M dev=losetup -f --show $img mkdir -p /tmp/test mount $dev /tmp/test resize2fs $dev 248M

Delete the problematic plus 1 to fix the issue, and add a WARN_ON_ONCE() to prevent the issue from happening again.

[ Note: another reproucer which this commit fixes is:

img=test.img rm -f $img truncate -s 25MiB $img mkfs.ext4 -b 4096 -E nodiscard,lazy_itable_init=0,lazy_journal_init=0 $img truncate -s 3GiB $img dev=losetup -f --show $img mkdir -p /tmp/test mount $dev /tmp/test resize2fs $dev 3G umount $dev losetup -d $dev

-- TYT ]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49880"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:10Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix off by one issue in alloc_flex_gd()\n\nWesley reported an issue:\n\n==================================================================\nEXT4-fs (dm-5): resizing filesystem from 7168 to 786432 blocks\n------------[ cut here ]------------\nkernel BUG at fs/ext4/resize.c:324!\nCPU: 9 UID: 0 PID: 3576 Comm: resize2fs Not tainted 6.11.0+ #27\nRIP: 0010:ext4_resize_fs+0x1212/0x12d0\nCall Trace:\n __ext4_ioctl+0x4e0/0x1800\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0x99/0xd0\n x64_sys_call+0x1206/0x20d0\n do_syscall_64+0x72/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n==================================================================\n\nWhile reviewing the patch, Honza found that when adjusting resize_bg in\nalloc_flex_gd(), it was possible for flex_gd-\u003eresize_bg to be bigger than\nflexbg_size.\n\nThe reproduction of the problem requires the following:\n\n o_group = flexbg_size * 2 * n;\n o_size = (o_group + 1) * group_size;\n n_group: [o_group + flexbg_size, o_group + flexbg_size * 2)\n o_size = (n_group + 1) * group_size;\n\nTake n=0,flexbg_size=16 as an example:\n\n              last:15\n|o---------------|--------------n-|\no_group:0    resize to      n_group:30\n\nThe corresponding reproducer is:\n\nimg=test.img\nrm -f $img\ntruncate -s 600M $img\nmkfs.ext4 -F $img -b 1024 -G 16 8M\ndev=`losetup -f --show $img`\nmkdir -p /tmp/test\nmount $dev /tmp/test\nresize2fs $dev 248M\n\nDelete the problematic plus 1 to fix the issue, and add a WARN_ON_ONCE()\nto prevent the issue from happening again.\n\n[ Note: another reproucer which this commit fixes is:\n\n  img=test.img\n  rm -f $img\n  truncate -s 25MiB $img\n  mkfs.ext4 -b 4096 -E nodiscard,lazy_itable_init=0,lazy_journal_init=0 $img\n  truncate -s 3GiB $img\n  dev=`losetup -f --show $img`\n  mkdir -p /tmp/test\n  mount $dev /tmp/test\n  resize2fs $dev 3G\n  umount $dev\n  losetup -d $dev\n\n  -- TYT ]",
  "id": "GHSA-9r6q-3r52-hh42",
  "modified": "2024-10-25T15:31:25Z",
  "published": "2024-10-21T18:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49880"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d80d2b8bf613398baf7185009e35f9d0459ecb0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6121258c2b33ceac3d21f6a221452692c465df88"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/acb559d6826116cc113598640d105094620c2526"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9VQ4-862J-5VX8

Vulnerability from github – Published: 2023-07-18 00:31 – Updated: 2025-01-03 12:30
VLAI
Details

An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38429"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-18T00:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.",
  "id": "GHSA-9vq4-862j-5vx8",
  "modified": "2025-01-03T12:30:30Z",
  "published": "2023-07-18T00:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38429"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=443d61d1fa9faa60ef925513d83742902390100f"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250103-0009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9WMV-XX8C-X6QW

Vulnerability from github – Published: 2022-04-21 01:57 – Updated: 2024-03-21 03:33
VLAI
Details

In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-5331"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-27T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem.",
  "id": "GHSA-9wmv-xx8c-x6qw",
  "modified": "2024-03-21T03:33:41Z",
  "published": "2022-04-21T01:57:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-5331"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/0031c41be5c529f8329e327b63cde92ba1284842"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-5331"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0031c41be5c529f8329e327b63cde92ba1284842"
    },
    {
      "type": "WEB",
      "url": "https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K33183814?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K33183814?utm_source=f5support\u0026amp;utm_medium=RSS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

When copying character arrays or using character manipulation methods, the correct size parameter must be used to account for the null terminator that needs to be added at the end of the array. Some examples of functions susceptible to this weakness in C include strcpy(), strncpy(), strcat(), strncat(), printf(), sprintf(), scanf() and sscanf().

No CAPEC attack patterns related to this CWE.