CWE-193

Off-by-one Error

Parent: CWE-682 - Incorrect Calculation

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

198 vulnerabilities with CWE-193
CVE-2026-23256 MEDIUM
net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
CVSS 5.5
CVE-2026-28520 HIGH
arduino-TuyaOpen WiFiMulti Single-Byte Buffer Overflow Remote Code Execution
CVSS 8.4
CVE-2026-31988 MEDIUM
yauzl 3.2.0 - Denial of Service via Off-by-One Error in NTFS Timestamp Parser
CVSS 5.3
CVE-2026-26309 MEDIUM
Envoy < 1.37.1, 1.36.5, 1.35.8, 1.34.13 - Off-by-one Write in JsonEscaper
CVSS 5.3
CVE-2026-25989 HIGH
ImageMagick <7.1.2-15/6.9.13-40 - DoS
CVSS 7.5
CVE-2026-2703 LOW
xlnt-community xlnt <=1.6.1 - Memory Corruption
CVSS 3.3
CVE-2026-21870 MEDIUM
BACnet Protocol Stack <1.5.0.rc2 - Buffer Overflow
CVSS 5.5
CVE-2026-23951 MEDIUM
SumatraPDF - Out-of-bounds Read in PalmDbReader Mobi File Handling
CVSS 5.5
CVE-2026-21504 MEDIUM
iccDEV < 2.3.1.2 - Heap-based Buffer Overflow in ToneMap Parser
CVSS 6.6
CVE-2026-21494 MEDIUM
iccDEV < 2.3.1.2 - Heap-based Buffer Overflow in CIccTagLut8::Validate()
CVSS 6.1
CVE-2026-21491 MEDIUM
iccDEV < 2.3.1.2 - Heap-based Buffer Overflow in CIccTagTextDescription
CVSS 6.1
CVE-2026-21490 MEDIUM
iccDEV < 2.3.1.2 - Heap-based Buffer Overflow in CIccTagLut16::Validate()
CVSS 6.1
CVE-2025-71161 MEDIUM
Linux Kernel 4.5-6.18.6 - Denial of Service via dm-verity Recursive Forward Error Correction
CVSS 5.5
CVE-2025-71087 MEDIUM
Linux Kernel 4.7.0-6.18.3 - Memory Corruption via iavf_config_rss_reg() Off-by-One Error
CVSS 5.5
CVE-2025-11215 MEDIUM
Google Chrome <141.0.7390.54 - Memory Corruption
CVSS 4.3
CVE-2025-4582 HIGH
RTI Connext Professional Buffer Over-read in Core Libraries
CVSS 7.1
CVE-2025-38600 MEDIUM
Linux Kernel - Off-by-one Error in mt7925_mcu_hw_scan
CVSS 5.5
CVE-2025-54349 MEDIUM
iperf3 3.2-3.19.1 - Heap-Based Buffer Overflow via Off-by-One Error
CVSS 6.5
CVE-2025-53014 LOW
ImageMagick < 6.9.13-26 - Out-of-bounds Read in InterpretImageFilename
CVSS 3.7
CVE-2025-52497 MEDIUM
Mbed TLS < 3.6.4 - Heap-Based Buffer Underflow via PEM Parsing
CVSS 4.8
CVE-2025-47711 MEDIUM
nbdkit - Denial of Service via Large Data Block Response
CVSS 6.5
CVE-2025-23150 MEDIUM
Linux Kernel - Use-After-Free via Off-by-One Error in ext4 do_split
CVSS 5.5
CVE-2025-43973 MEDIUM
GoBGP < 3.35.0 - Off-by-one Error in RTR Message Length Handling
CVSS 6.8
CVE-2025-43971 HIGH
GoBGP < 3.35.0 - Denial of Service via Zero softwareVersionLen
CVSS 8.6
CVE-2025-37893 MEDIUM
Linux Kernel 6.1-6.1.133, 6.1.0-6.6.86, 6.7.0-6.12.22, 6.13.0-6.13.10, 6.14.0-6.14.1 - BPF JIT Off-by-one Error
CVSS 5.5
Details
Vulnerabilities 198
Links
MITRE CWE Entry Search this CWE With Exploits