Common Weakness Enumeration

CWE-193

Allowed

Off-by-one Error

Abstraction: Base · Status: Draft

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

256 vulnerabilities reference this CWE, most recent first.

GHSA-6M97-7527-MH74

Vulnerability from github – Published: 2023-12-13 13:18 – Updated: 2024-11-22 20:41
VLAI
Summary
incorrect storage layout for contracts containing large arrays
Details

Impact

contracts containing large arrays might underallocate the number of slots they need. prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceil(type_.size_in_bytes / 32):

https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197

the intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. roughly speaking, if type_.size_in_bytes is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed. if type_.size_in_bytes is slightly more than a power of 2, the calculation can underestimate how many slots are needed.

the following two example contracts can result in overwriting of the variable vulnerable:

large_array: address[2**64 + 1]  # type_.size_in_bytes == 32 * (2**64 + 1); math.ceil(type_.size_in_bytes / 32) < 2**64 + 1
vulnerable: uint256

# writing to self.large_array[2**64] will overwrite self.vulnerable
large_dynarray: DynArray[address, 2**64]  # Dynarray has a length word in front, its size in bytes is 32 * (2**64 + 1)
vulnerable: uint256

# writing to self.large_dynarray[2**64 - 1] will overwrite self.vulnerable

note that in the latter case, the risk of vulnerable being overwritten is relatively small, since it would cost roughly $1.45 million trillion USD at today's gas prices (gas price 20gwei, ETH ~= $1800) in order to extend the DynArray to its full container size.

Patches

patched by v0.3.8, specifically in commit https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.3.7"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "vyper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46247"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-13T13:18:52Z",
    "nvd_published_at": "2023-12-13T20:15:49Z",
    "severity": "HIGH"
  },
  "details": "### Impact\ncontracts containing large arrays might underallocate the number of slots they need. prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`:\n\nhttps://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197\n\nthe intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. roughly speaking, if `type_.size_in_bytes` is large (\u003e 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed. if `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed.\n\nthe following two example contracts can result in overwriting of the variable `vulnerable`:\n```vyper\nlarge_array: address[2**64 + 1]  # type_.size_in_bytes == 32 * (2**64 + 1); math.ceil(type_.size_in_bytes / 32) \u003c 2**64 + 1\nvulnerable: uint256\n\n# writing to self.large_array[2**64] will overwrite self.vulnerable\n```\n```vyper\nlarge_dynarray: DynArray[address, 2**64]  # Dynarray has a length word in front, its size in bytes is 32 * (2**64 + 1)\nvulnerable: uint256\n\n# writing to self.large_dynarray[2**64 - 1] will overwrite self.vulnerable\n```\n\nnote that in the latter case, the risk of `vulnerable` being overwritten is relatively small, since it would cost roughly $1.45 million trillion USD at today\u0027s gas prices (gas price 20gwei, ETH ~= $1800) in order to extend the DynArray to its full container size.\n\n### Patches\npatched by v0.3.8, specifically in commit https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb.",
  "id": "GHSA-6m97-7527-mh74",
  "modified": "2024-11-22T20:41:02Z",
  "published": "2023-12-13T13:18:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46247"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/vyper/PYSEC-2023-307.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vyperlang/vyper"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "incorrect storage layout for contracts containing large arrays"
}

GHSA-6MX7-79GG-F646

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2022-05-24 16:52
VLAI
Details

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-14532"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-191",
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-02T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.",
  "id": "GHSA-6mx7-79gg-f646",
  "modified": "2022-05-24T16:52:21Z",
  "published": "2022-05-24T16:52:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14532"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sleuthkit/sleuthkit/issues/1575"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EY53OYU7UZLAJWNIVVNR3EX2RNCCFTB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQR2QY3IAF2IG6HGBSKGL66VUDOTC3OA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFQKIE5U3LS5U7POPGS7YHLUSW2URWGJ"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6XW6-4HXH-3V2W

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48
VLAI
Details

A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27736"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-170",
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-22T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in Nucleus 4 (All versions \u003c V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions \u003c V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory.",
  "id": "GHSA-6xw6-4hxh-3v2w",
  "modified": "2022-05-24T17:48:18Z",
  "published": "2022-05-24T17:48:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27736"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-774M-FHGF-HRHC

Vulnerability from github – Published: 2022-04-29 01:26 – Updated: 2024-02-15 21:31
VLAI
Details

Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2003-0625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2003-08-27T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server\u0027s response.",
  "id": "GHSA-774m-fhgf-hrhc",
  "modified": "2024-02-15T21:31:22Z",
  "published": "2022-04-29T01:26:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0625"
    },
    {
      "type": "WEB",
      "url": "http://developer.berlios.de/forum/forum.php?forum_id=2819"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=105941103709264\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2003/dsa-360"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/8255"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7HCC-G6HM-H786

Vulnerability from github – Published: 2022-04-30 18:17 – Updated: 2024-02-02 03:30
VLAI
Details

Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2001-1391"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2001-04-17T04:00:00Z",
    "severity": "LOW"
  },
  "details": "Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.",
  "id": "GHSA-7hcc-g6hm-h786",
  "modified": "2024-02-02T03:30:27Z",
  "published": "2022-04-30T18:17:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1391"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11162"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2001/dsa-047"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=98575345009963\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=98637996127004\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=98653252326445\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=98684172109474\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=98759029811377\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=98775114228203\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=99013830726309\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.linux.org.uk/VERSION/relnotes.2219.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2001-047.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7HCX-RXP8-J55G

Vulnerability from github – Published: 2022-05-01 17:59 – Updated: 2025-04-09 03:40
VLAI
Details

Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-2052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-04-16T22:19:00Z",
    "severity": "MODERATE"
  },
  "details": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.",
  "id": "GHSA-7hcx-rxp8-j55g",
  "modified": "2025-04-09T03:40:15Z",
  "published": "2022-05-01T17:59:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2052"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34060"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-1358"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25190"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25217"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25233"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25353"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25787"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28027"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28050"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29032"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29303"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29889"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31255"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31492"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1551"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1620"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:099"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
    },
    {
      "type": "WEB",
      "url": "http://www.python.org/download/releases/2.5.1/NEWS.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1077.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/469294/30/6450/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23887"
    },
    {
      "type": "WEB",
      "url": "http://www.trustix.org/errata/2007/0019"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-585-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1465"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0637"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7M35-VW2C-696V

Vulnerability from github – Published: 2025-04-21 03:30 – Updated: 2026-03-12 17:22
VLAI
Summary
GoBGP panics due to a zero value for softwareVersionLen
Details

An issue was discovered in GoBGP before 3.35.0 (introduced in v3.11.0). pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/osrg/gobgp/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.11.0"
            },
            {
              "fixed": "3.35.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-43971"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-21T21:55:26Z",
    "nvd_published_at": "2025-04-21T01:15:45Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in GoBGP before 3.35.0 (introduced in v3.11.0). pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.",
  "id": "GHSA-7m35-vw2c-696v",
  "modified": "2026-03-12T17:22:08Z",
  "published": "2025-04-21T03:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43971"
    },
    {
      "type": "WEB",
      "url": "https://github.com/osrg/gobgp/commit/08a001e06d90e8bcc190084c66992f46f62c0986"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/osrg/gobgp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2025-43971"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "GoBGP panics due to a zero value for softwareVersionLen"
}

GHSA-83P9-MCPM-374V

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03
VLAI
Details

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-23017"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-01T13:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.",
  "id": "GHSA-83p9-mcpm-374v",
  "modified": "2022-05-24T19:03:49Z",
  "published": "2022-05-24T19:03:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23017"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3Cnotifications.apisix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3Cnotifications.apisix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3Cnotifications.apisix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3Cnotifications.apisix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3Cnotifications.apisix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210708-0006"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K12331123,"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8499-WHQ2-XRRF

Vulnerability from github – Published: 2026-05-04 09:31 – Updated: 2026-05-04 09:31
VLAI
Details

mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43860"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-04T07:16:00Z",
    "severity": "LOW"
  },
  "details": "mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.",
  "id": "GHSA-8499-whq2-xrrf",
  "modified": "2026-05-04T09:31:09Z",
  "published": "2026-05-04T09:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43860"
    },
    {
      "type": "WEB",
      "url": "https://github.com/muttmua/mutt/commit/834c5a2ed0479e51e8662a31caed129f136f4805"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-84G5-X8J3-7235

Vulnerability from github – Published: 2026-04-29 22:22 – Updated: 2026-04-29 22:22
VLAI
Summary
Netfoil has incorrect allowlist enforcement
Details

Summary

Rules could be bypassed by changing the first character: example.com could be be bypassed by e.g. fxample.com.

Details

Off-by-one error in the suffixtrie implementation.

Impact

The domain filter could be bypassed. Please note that DNS filtering alone is not enough to block malicious traffic.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/tinfoil-factory/netfoil"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-183",
      "CWE-193"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-29T22:22:16Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\nRules could be bypassed by changing the first character: `example.com` could be be bypassed by e.g. `fxample.com`.\n\n### Details\nOff-by-one error in the suffixtrie implementation.\n\n### Impact\nThe domain filter could be bypassed. Please note that DNS filtering alone is not enough to block malicious traffic.",
  "id": "GHSA-84g5-x8j3-7235",
  "modified": "2026-04-29T22:22:16Z",
  "published": "2026-04-29T22:22:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tinfoil-factory/netfoil/security/advisories/GHSA-84g5-x8j3-7235"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tinfoil-factory/netfoil/commit/0ca054acf97b011e4fdd40392475c7786b975ec3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tinfoil-factory/netfoil"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tinfoil-factory/netfoil/releases/tag/v0.2.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Netfoil has incorrect allowlist enforcement"
}

Mitigation
Implementation

When copying character arrays or using character manipulation methods, the correct size parameter must be used to account for the null terminator that needs to be added at the end of the array. Some examples of functions susceptible to this weakness in C include strcpy(), strncpy(), strcat(), strncat(), printf(), sprintf(), scanf() and sscanf().

No CAPEC attack patterns related to this CWE.