Skip to main content

Off-by-one Error


Severity High
Score 7.8/10


A flaw was found in glibc before 2.35. An off-by-one buffer overflow and underflow in 'getcwd()' may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to 'getcwd()' in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

  • LOW
  • HIGH
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-193 - Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Advisory Timeline

  • Published