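CWE-193 Off-by-one Error: vulnerability list (64)

Summary of 64 CVE vulnerabilities in the CWE-193 Off-by-one Error weakness class, with AI analysis in Chinese.

CWE-193 is a boundary calculation error: when software calculates or uses a maximum or minimum value, that value is off by one from the correct value. Attackers often exploit this flaw to trigger buffer overflows or logic bypasses, and so execute malicious code or compromise system integrity. To avoid it, developers should strictly validate boundary conditions, use safe array access functions, and in code review pay particular attention to loop termination conditions and index calculation logic, so that numeric handling is exact.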

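MITRE CWE official description
CWE: CWE-193 Off-by-one Error
Description: A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Common consequences (3)
Scope: Availability. Impact: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory); DoS: Instability.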
This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
Scope: Integrity. Impact: Modify Memory.
If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.
Scope: Confidentiality, Availability, Access Control. Impact: Execute Unauthorized Code or Commands; Bypass Protection Mechanism.
This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.
Mitigations (1)
Phase: Implementation. When copying character arrays or using character manipulation methods, the correct size parameter must be used to account for the null terminator that needs to be added at the end of the array. Some examples of functions susceptible to this weakness in C include strcpy(), strncpy(), strcat(), strncat(), printf(), sprintf(), scanf() and sscanf().
Code examples (2)
The following code allocates memory for a maximum number of widgets. It then gets a user-specified number of widgets, making sure that the user does not request too many. It then initializes the elements of the array using InitializeWidget(). Because the number of widgets can vary for each request, the code inserts a NULL pointer to signify the location of the last widget.
```c
int i;
unsigned int numWidgets;
Widget **WidgetList;

numWidgets = GetUntrustedSizeValue();
if ((numWidgets == 0) || (numWidgets > MAX_NUM_WIDGETS)) {
    ExitError("Incorrect number of widgets requested!");
}
WidgetList = (Widget **)malloc(numWidgets * sizeof(Widget *));
printf("WidgetList ptr=%p\n", WidgetList);
for(i=0; i<numWidgets; i++) {
    WidgetList[i] = InitializeWidget();
}
/* Off-by-one: only indices 0..numWidgets-1 were allocated. */
WidgetList[numWidgets] = NULL;
showWidgets(WidgetList);
```
Bad · C
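A corrected form of the widget list above, as an added example that is not part of the original page or the MITRE entry: the allocation reserves one extra slot for the NULL sentinel, so the terminating write stays in bounds. The value of MAX_NUM_WIDGETS, the Widget struct body and the helper names build_widget_list, count_widgets and free_widget_list are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_NUM_WIDGETS 16            /* assumed limit; the page gives no value */

typedef struct { int id; } Widget;    /* stand-in for the page's Widget type */

/* Free a NULL-terminated widget list (safe on NULL). */
static void free_widget_list(Widget **list) {
    if (list == NULL) return;
    for (size_t i = 0; list[i] != NULL; i++) free(list[i]);
    free(list);
}

/* Build a list of n widgets followed by a NULL sentinel.
 * Returns NULL if n is out of range or an allocation fails. */
static Widget **build_widget_list(size_t n) {
    if (n == 0 || n > MAX_NUM_WIDGETS) return NULL;
    /* n + 1 slots: indices 0..n-1 hold widgets, index n holds the sentinel.
     * calloc also rejects an overflowing count * size product. */
    Widget **list = calloc(n + 1, sizeof *list);
    if (list == NULL) return NULL;
    for (size_t i = 0; i < n; i++) {
        list[i] = malloc(sizeof **list);
        /* On failure list[i] is NULL, which terminates the partial list. */
        if (list[i] == NULL) { free_widget_list(list); return NULL; }
        list[i]->id = (int)i;
    }
    list[n] = NULL;                   /* in bounds: last of the n + 1 slots */
    return list;
}

/* Count widgets by walking to the sentinel, as a consumer of the list would. */
static size_t count_widgets(Widget **list) {
    size_t count = 0;
    while (list != NULL && list[count] != NULL) count++;
    return count;
}

int main(void) {
    Widget **list = build_widget_list(MAX_NUM_WIDGETS);   /* largest accepted request */
    printf("widgets=%zu\n", count_widgets(list));
    free_widget_list(list);
    return 0;
}
```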
In this example, the code does not account for the terminating null character, and it writes one byte beyond the end of the buffer.
```c
char firstname[20];
char lastname[20];
char fullname[40];

fullname[0] = '\0';

/* Each call may append 20 characters plus a '\0': up to 41 bytes in a 40-byte buffer. */
strncat(fullname, firstname, 20);
strncat(fullname, lastname, 20);
```
Bad · C
```c
char firstname[20];
char lastname[20];
char fullname[40];

fullname[0] = '\0';

/* Size is the space still free in fullname, minus one byte for the '\0'. */
strncat(fullname, firstname, sizeof(fullname)-strlen(fullname)-1);
strncat(fullname, lastname, sizeof(fullname)-strlen(fullname)-1);
```
Good · C
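| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-54410 | Valerio De Benedetto nanoMODBUS numeric error vulnerability - nanoMODBUS | 8.6 | High | 2026-06-14 |
| CVE-2026-46559 | ImageMagick security vulnerability - ImageMagick | 4.0 | Medium | 2026-06-10 |
| CVE-2026-49127 | Music Player Daemon security vulnerability - MPD | 8.6 | High | 2026-05-28 |
| CVE-2026-42015 | GnuTLS security vulnerability - Red Hat Enterprise Linux 10 | 5.3 | Medium | 2026-05-26 |
| CVE-2026-44065 | Netatalk security vulnerability - Netatalk | 3.7 | Medium | 2026-05-21 |
| CVE-2026-45232 | Rsync security vulnerability - rsync | 3.1 | Low | 2026-05-20 |
| CVE-2026-44603 | Tor security vulnerability - Tor | 3.7 | Low | 2026-05-07 |
| CVE-2026-7572 | Velocidex Velociraptor security vulnerability - velociraptor | 4.4 | Medium | 2026-05-06 |
| CVE-2026-43964 | Postfix security vulnerability - Postfix | 3.7 | Low | 2026-05-04 |
| CVE-2026-43860 | mutt security vulnerability - mutt | 3.7 | Low | 2026-05-04 |
| CVE-2026-40254 | FreeRDP security vulnerability - FreeRDP | 4.2 | Medium | 2026-04-24 |
| CVE-2026-6861 | Red Hat Enterprise Linux 10 security vulnerability - Red Hat Enterprise Linux 10 | 6.1 | Medium | 2026-04-22 |
| CVE-2026-40312 | ImageMagick security vulnerability - ImageMagick | 6.2 | Medium | 2026-04-13 |
| CVE-2026-33997 | Moby security vulnerability - moby | 6.8 | Medium | 2026-03-31 |
| CVE-2026-5123 | GoBGP security vulnerability - GoBGP | 3.7 | Low | 2026-03-30 |
| CVE-2026-22593 | EVerest security vulnerability - everest-core | 8.4 | High | 2026-03-26 |
| CVE-2026-4887 | Red Hat Enterprise Linux security vulnerability - Red Hat Enterprise Linux 7 Extended Lifecycle Support | 6.1 | Medium | 2026-03-26 |
| CVE-2026-34085 | fontconfig security vulnerability - fontconfig | 5.9 | Medium | 2026-03-25 |
| CVE-2006-10003 | XML::Parser security vulnerability - XML::Parser | 8.1 | - | 2026-03-19 |
| CVE-2026-28520 | arduino-TuyaOpen security vulnerability - arduino-TuyaOpen | 8.4 | High | 2026-03-15 |
| CVE-2026-31988 | yauzl security vulnerability - yauzl | 5.3 | Medium | 2026-03-11 |
| CVE-2026-26309 | Envoy security vulnerability - envoy | 5.3 | Medium | 2026-03-10 |
| CVE-2026-2703 | xlnt security vulnerability - xlnt | 3.3 | Low | 2026-02-19 |
| CVE-2026-21870 | BACnet Protocol Stack security vulnerability - bacnet-stack | 5.5 | Medium | 2026-02-13 |
| CVE-2025-11215 | Google Chrome security vulnerability - Chrome | 8.8 (AI) | High (AI) | 2025-11-06 |
| CVE-2025-54349 | iperf security vulnerability - iperf3 | 6.5 | Medium | 2025-08-03 |
| CVE-2025-52497 | Mbed TLS security vulnerability - mbedtls | 4.8 | Medium | 2025-07-04 |
| CVE-2025-47711 | Libguestfs nbdkit security vulnerability | 6.5 | Medium | 2025-06-09 |
| CVE-2025-43971 | GoBGP security vulnerability - GoBGP | 8.6 | High | 2025-04-21 |
| CVE-2025-43973 | GoBGP security vulnerability - GoBGP | 6.8 | Medium | 2025-04-21 |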

CWE-193 (Off-by-one Error) is a common weakness category; this platform lists 64 CVE vulnerabilities associated with it.