CWE-193 - Off-by-one Error

Description

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value. This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high. If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur. This weakness can trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy. The weakness is introduced during the Implementation stage.
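The buffer-overflow case described above, as an added example that is not from the original page or from MITRE: a length check that uses `<=` where `<` is required lets the string terminator land one byte past the destination field, shown beside the corrected bound. All names (`FIELD_LEN`, `CANARY`, `copy_off_by_one`, `copy_bounded`, `guard_clobbered`) and the input string are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8     /* logical size of the destination field (constructed) */
#define CANARY    0x5A  /* guard byte stored directly after the field */

/* Off by one: "<=" accepts a source of exactly cap bytes, so the
 * terminator is written to dst[cap], one byte past the field. */
static int copy_off_by_one(char *dst, size_t cap, const char *src)
{
    size_t n = strlen(src);
    if (n <= cap) {               /* BUG: the correct test is n < cap */
        memcpy(dst, src, n);
        dst[n] = '\0';
        return 0;
    }
    return -1;
}

/* Corrected bound: one byte of cap is reserved for the terminator. */
static int copy_bounded(char *dst, size_t cap, const char *src)
{
    size_t n = strlen(src);
    if (n >= cap)                 /* also rejects cap == 0 */
        return -1;
    memcpy(dst, src, n + 1);      /* n + 1 <= cap, terminator included */
    return 0;
}

/* Runs a copy routine on a FIELD_LEN-byte field followed by a guard byte and
 * returns 1 if the guard changed. The array really has FIELD_LEN + 1 bytes. */
static int guard_clobbered(int (*copy)(char *, size_t, const char *),
                           const char *src)
{
    char storage[FIELD_LEN + 1];
    memset(storage, CANARY, sizeof storage);
    copy(storage, FIELD_LEN, src);
    return storage[FIELD_LEN] != CANARY;
}

int main(void)
{
    const char *exact = "ABCDEFGH";   /* constructed input, strlen == FIELD_LEN */
    printf("off-by-one copy clobbers guard: %d\n",
           guard_clobbered(copy_off_by_one, exact));
    printf("bounded copy clobbers guard:    %d\n",
           guard_clobbered(copy_bounded, exact));
    return 0;
}
```

Only the input whose length equals the field size exposes the defect; shorter inputs pass through both routines identically, which is why boundary-length test cases are the ones that catch this weakness.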

References

Description of CWE-193 on Mitre website