Common Weakness Enumeration

CWE-369

Allowed

Divide By Zero

Abstraction: Base · Status: Draft

The product divides a value by zero.

577 vulnerabilities reference this CWE, most recent first.

GHSA-CGX8-MH65-HCP4

Vulnerability from github – Published: 2025-08-29 15:30 – Updated: 2025-08-29 15:30
VLAI
Details

A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 4.5.3-beta3 is recommended to address this issue. It is advisable to upgrade the affected component. The vendor confirms in a GitHub issue reply: "Was able to reproduce in 6fcbf03 but NOT 4.5.3-beta3."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9649"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-29T14:15:50Z",
    "severity": "MODERATE"
  },
  "details": "A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 4.5.3-beta3 is recommended to address this issue. It is advisable to upgrade the affected component. The vendor confirms in a GitHub issue reply: \"Was able to reproduce in 6fcbf03 but NOT 4.5.3-beta3.\"",
  "id": "GHSA-cgx8-mh65-hcp4",
  "modified": "2025-08-29T15:30:38Z",
  "published": "2025-08-29T15:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9649"
    },
    {
      "type": "WEB",
      "url": "https://github.com/appneta/tcpreplay/issues/968"
    },
    {
      "type": "WEB",
      "url": "https://github.com/appneta/tcpreplay/issues/968#issuecomment-3226338070"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/16QQtZvUrMbF-i_1cGt5hNWmkn-YVyBOM/view?usp=sharing"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.321855"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.321855"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.630493"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.630494"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CH3R-HJXG-J657

Vulnerability from github – Published: 2024-06-08 15:31 – Updated: 2024-07-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix division by zero in setup_dsc_config

When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a state that requires a reboot. This patch adds a check to avoid the division by zero.

The stack trace below is for the 6.8.4 Kernel. I reproduced the issue on a Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor connected via Thunderbolt. The amdgpu driver crashed with this exception when I rebooted the system with the monitor connected.

kernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) kernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2)) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu

After applying this patch, the driver no longer crashes when the monitor is connected and the system is rebooted. I believe this is the same issue reported for 3113.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36969"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-08T13:15:58Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix division by zero in setup_dsc_config\n\nWhen slice_height is 0, the division by slice_height in the calculation\nof the number of slices will cause a division by zero driver crash. This\nleaves the kernel in a state that requires a reboot. This patch adds a\ncheck to avoid the division by zero.\n\nThe stack trace below is for the 6.8.4 Kernel. I reproduced the issue on\na Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor\nconnected via Thunderbolt. The amdgpu driver crashed with this exception\nwhen I rebooted the system with the monitor connected.\n\nkernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447)\nkernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2))\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu\n\nAfter applying this patch, the driver no longer crashes when the monitor\nis connected and the system is rebooted. I believe this is the same\nissue reported for 3113.",
  "id": "GHSA-ch3r-hjxg-j657",
  "modified": "2024-07-17T18:31:00Z",
  "published": "2024-06-08T15:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36969"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/130afc8a886183a94cf6eab7d24f300014ff87ba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/308de6be0c9c7ba36915c0d398e771725c0ea911"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7e4f50dfc98c49b3dc6875a35c3112522fb25639"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/91402e0e5de9124a3108db7a14163fcf9a6d322f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a32c8f951c8a456c1c251e1dcdf21787f8066445"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f187fcbbb8f8bf10c6687f0beae22509369f7563"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CH4F-829C-V5PW

Vulnerability from github – Published: 2021-08-25 14:43 – Updated: 2024-11-13 17:19
VLAI
Summary
Division by 0 in `ResourceScatterDiv`
Details

Impact

The implementation of tf.raw_ops.ResourceScatterDiv is vulnerable to a division by 0 error:

import tensorflow as tf

v= tf.Variable([1,2,3])
tf.raw_ops.ResourceScatterDiv(
  resource=v.handle,
  indices=[1],
  updates=[0])

The implementation uses a common class for all binary operations but fails to treat the division by 0 case separately.

Patches

We have patched the issue in GitHub commit 4aacb30888638da75023e6601149415b39763d76.

The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-37642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-23T18:58:49Z",
    "nvd_published_at": "2021-08-12T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error:\n\n```python\nimport tensorflow as tf\n\nv= tf.Variable([1,2,3])\ntf.raw_ops.ResourceScatterDiv(\n  resource=v.handle,\n  indices=[1],\n  updates=[0])\n```\n\nThe [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat the division by 0 case separately.\n\n### Patches\nWe have patched the issue in GitHub commit [4aacb30888638da75023e6601149415b39763d76](https://github.com/tensorflow/tensorflow/commit/4aacb30888638da75023e6601149415b39763d76).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
  "id": "GHSA-ch4f-829c-v5pw",
  "modified": "2024-11-13T17:19:29Z",
  "published": "2021-08-25T14:43:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ch4f-829c-v5pw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37642"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/4aacb30888638da75023e6601149415b39763d76"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-555.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-753.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-264.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Division by 0 in `ResourceScatterDiv`"
}

GHSA-CJRR-3F69-P92J

Vulnerability from github – Published: 2025-04-01 18:30 – Updated: 2025-11-03 21:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Avoid potential division by zero in function_stat_show()

Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case.

For now don't care about rec->counter * rec->counter overflow because rec->time * rec->time overflow will likely happen earlier.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21898"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-01T16:15:20Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Avoid potential division by zero in function_stat_show()\n\nCheck whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64}\nproduce zero and skip stddev computation in that case.\n\nFor now don\u0027t care about rec-\u003ecounter * rec-\u003ecounter overflow because\nrec-\u003etime * rec-\u003etime overflow will likely happen earlier.",
  "id": "GHSA-cjrr-3f69-p92j",
  "modified": "2025-11-03T21:33:20Z",
  "published": "2025-04-01T18:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21898"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3d738b53ed6cddb68e68c9874520a4bf846163b5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5b3d32f607f0478b414b16516cf27f9170cf66c8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/746cc474a95473591853927b3a9792a2d671155b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/992775227843c9376773784b8b362add44592ad7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a1a7eb89ca0b89dc1c326eeee2596f263291aca3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca381f60a3bb7cfaa618d73ca411610bd7fc3149"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CM5X-837X-JF3C

Vulnerability from github – Published: 2021-08-25 14:42 – Updated: 2024-11-13 20:54
VLAI
Summary
Division by 0 in inplace operations
Details

Impact

An attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0:

import tensorflow as tf

tf.raw_ops.InplaceSub(x=[],i=[-99,-1,-1],v=[1,1,1])

The implementation has a logic error: it should skip processing if x and v are empty but the code uses || instead of &&.

Patches

We have patched the issue in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618.

The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-37660"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-24T13:20:38Z",
    "nvd_published_at": "2021-08-12T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nAn attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0:\n\n```python\nimport tensorflow as tf\n\ntf.raw_ops.InplaceSub(x=[],i=[-99,-1,-1],v=[1,1,1])\n```\n\nThe [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should skip processing if `x` and `v` are empty but the code uses `||` instead of `\u0026\u0026`.\n\n### Patches\nWe have patched the issue in GitHub commit [e86605c0a336c088b638da02135ea6f9f6753618](https://github.com/tensorflow/tensorflow/commit/e86605c0a336c088b638da02135ea6f9f6753618).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
  "id": "GHSA-cm5x-837x-jf3c",
  "modified": "2024-11-13T20:54:13Z",
  "published": "2021-08-25T14:42:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cm5x-837x-jf3c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37660"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/e86605c0a336c088b638da02135ea6f9f6753618"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-573.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-771.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-282.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Division by 0 in inplace operations"
}

GHSA-CPVM-4FV9-R67X

Vulnerability from github – Published: 2022-05-14 01:15 – Updated: 2022-05-14 01:15
VLAI
Details

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-10026"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-25T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.",
  "id": "GHSA-cpvm-4fv9-r67x",
  "modified": "2022-05-14T01:15:48Z",
  "published": "2022-05-14T01:15:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10026"
    },
    {
      "type": "WEB",
      "url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CRWG-8VM3-26RF

Vulnerability from github – Published: 2024-09-13 06:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nfc: pn533: Add poll mod list filling check

In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in the nfc_start_poll(). But then after pn533_poll_create_mod_list() call in pn533_start_poll() poll mod list will remain empty and dev->poll_mod_count will remain 0 which lead to division by zero.

Normally no im protocol has value 1 in the mask, so this combination is not expected by driver. But these protocol values actually come from userspace via Netlink interface (NFC_CMD_START_POLL operation). So a broken or malicious program may pass a message containing a "bad" combination of protocol parameter values so that dev->poll_mod_count is not incremented inside pn533_poll_create_mod_list(), thus leading to division by zero. Call trace looks like: nfc_genl_start_poll() nfc_start_poll() ->start_poll() pn533_start_poll()

Add poll mod list filling check.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46676"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-13T06:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Add poll mod list filling check\n\nIn case of im_protocols value is 1 and tm_protocols value is 0 this\ncombination successfully passes the check\n\u0027if (!im_protocols \u0026\u0026 !tm_protocols)\u0027 in the nfc_start_poll().\nBut then after pn533_poll_create_mod_list() call in pn533_start_poll()\npoll mod list will remain empty and dev-\u003epoll_mod_count will remain 0\nwhich lead to division by zero.\n\nNormally no im protocol has value 1 in the mask, so this combination is\nnot expected by driver. But these protocol values actually come from\nuserspace via Netlink interface (NFC_CMD_START_POLL operation). So a\nbroken or malicious program may pass a message containing a \"bad\"\ncombination of protocol parameter values so that dev-\u003epoll_mod_count\nis not incremented inside pn533_poll_create_mod_list(), thus leading\nto division by zero.\nCall trace looks like:\nnfc_genl_start_poll()\n  nfc_start_poll()\n    -\u003estart_poll()\n    pn533_start_poll()\n\nAdd poll mod list filling check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
  "id": "GHSA-crwg-8vm3-26rf",
  "modified": "2025-11-04T00:31:23Z",
  "published": "2024-09-13T06:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46676"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CV2J-922J-HR56

Vulnerability from github – Published: 2023-07-26 12:30 – Updated: 2023-07-31 19:02
VLAI
Summary
Float point exception (FPE) in paddlepaddle
Details

FPE in paddle.linalg.matrix_power in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "paddlepaddle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-38672"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-26T22:34:20Z",
    "nvd_published_at": "2023-07-26T12:15:09Z",
    "severity": "MODERATE"
  },
  "details": "FPE in paddle.linalg.matrix_power in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.\n",
  "id": "GHSA-cv2j-922j-hr56",
  "modified": "2023-07-31T19:02:24Z",
  "published": "2023-07-26T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38672"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PaddlePaddle/Paddle/commit/09926af166b060c9a9845c309110d3baa82921fd"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/PaddlePaddle/Paddle"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-004.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2023-125.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Float point exception (FPE) in paddlepaddle"
}

GHSA-CW7W-CFPJ-R652

Vulnerability from github – Published: 2025-07-10 09:32 – Updated: 2025-11-19 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

PM: EM: Fix potential division-by-zero error in em_compute_costs()

When the device is of a non-CPU type, table[i].performance won't be initialized in the previous em_init_performance(), resulting in division by zero when calculating costs in em_compute_costs().

Since the 'cost' algorithm is only used for EAS energy efficiency calculations and is currently not utilized by other device drivers, we should add the _is_cpu_device(dev) check to prevent this division-by-zero issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38297"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-10T08:15:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: EM: Fix potential division-by-zero error in em_compute_costs()\n\nWhen the device is of a non-CPU type, table[i].performance won\u0027t be\ninitialized in the previous em_init_performance(), resulting in division\nby zero when calculating costs in em_compute_costs().\n\nSince the \u0027cost\u0027 algorithm is only used for EAS energy efficiency\ncalculations and is currently not utilized by other device drivers, we\nshould add the _is_cpu_device(dev) check to prevent this division-by-zero\nissue.",
  "id": "GHSA-cw7w-cfpj-r652",
  "modified": "2025-11-19T21:31:16Z",
  "published": "2025-07-10T09:32:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38297"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/14cbdd64f3870cf0a2d94b87919b9056448c59a0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/179c0c7044a378198adb36f2a12410ab68cc730a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/81d72f9241d884ec29524431f74f8009310cfa0c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F2C5-5798-QFVG

Vulnerability from github – Published: 2026-05-14 18:32 – Updated: 2026-05-14 18:32
VLAI
Details

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46469"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-14T18:16:50Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin\u0027s qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.",
  "id": "GHSA-f2c5-5798-qfvg",
  "modified": "2026-05-14T18:32:57Z",
  "published": "2026-05-14T18:32:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46469"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch"
    },
    {
      "type": "WEB",
      "url": "https://gstreamer.freedesktop.org/security/sa-2026-0018.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.