CWE-193: CWE-193: Off-by-one Error

CWE-193: CWE-193: Off-by-one Error is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Description

If exploited, CWE-193 (CWE-193: Off-by-one Error) it can compromise DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory) and DoS: Instability, leading to outcomes such as Scope: Availability This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high., Scope: Integrity If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows and further memory corruption may occur..

Recommended mitigations for CWE-193 include: When copying character arrays or using character manipulation methods, the correct size parameter must be used to account for the null terminator that needs to be added at the end of the array. Some examples of functions susceptible to this weakness in C include strcpy(), strncpy(), strcat(), strncat(), printf(), sprintf(), scanf() and sscanf().

CWE-193 commonly affects Languages. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

A CWE (Common Weakness Enumeration) like CWE-193 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.