CWE-193— Off-by-one Error
169 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-193page 4 of 4
- CVE-2026-21870MEDIUMCVSS 5.5EG 5.52026-02-13
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter ca…
- CVE-2026-23256MEDIUMCVSS 5.5EG 5.52026-03-18
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. T…
- CVE-2026-23257MEDIUMCVSS 5.5EG 5.52026-03-18
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. T…
- CVE-2026-23951MEDIUMCVSS 5.5EG 5.52026-01-22
SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbRead…
- CVE-2026-32605HIGHCVSS 7.5EG 7.52026-04-13
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal …
- CVE-2026-40254MEDIUMCVSS 4.2EG 4.22026-04-24
FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in `channels/drive/client/drive_file.c`. The `contains_dotdot()` function catches `../` and `..\` mid…
- CVE-2026-40312MEDIUMCVSS 6.2EG 6.22026-04-13
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicous MSL file is read. This issue has been…
- CVE-2026-41502HIGHCVSS 7.5EG 7.52026-04-24
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service decoder allows unauthenticated remote attacke…
- CVE-2026-42015MEDIUMCVSS 5.3EG 5.32026-05-26
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32…
- CVE-2026-43860LOWCVSS 3.7EG 3.72026-05-04
mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.
- CVE-2026-43964LOWCVSS 3.7EG 3.72026-05-04
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.
- CVE-2026-44065MEDIUMCVSS 4.2EG 4.22026-05-21
An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data.
- CVE-2026-44603LOWCVSS 3.7EG 3.72026-05-07
Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.
- CVE-2026-45232LOWCVSS 3.1EG 3.12026-05-20
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy resp…
- CVE-2026-48689CRITICALCVSS 9.8EG 9.82026-05-26
FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_…
- CVE-2026-4887MEDIUMCVSS 6.1EG 6.12026-03-26
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation co…
- CVE-2026-49127HIGHCVSS 8.6EG 8.62026-05-28
Music Player Daemon (MPD) before version 0.24.11 contains a stack buffer overflow vulnerability in the pcm_unpack_24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one w…
- CVE-2026-6861MEDIUMCVSS 6.1EG 6.12026-04-22
A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a v…
- CVE-2026-7572MEDIUMCVSS 4.4EG 4.42026-05-06
An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by…
Map vulnerabilities like CWE-193 to your infrastructure
EchelonGraph correlates every CVE — across CWE-193 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →