CWE-369
AllowedDivide By Zero
Abstraction: Base · Status: Draft
The product divides a value by zero.
577 vulnerabilities reference this CWE, most recent first.
GHSA-G2Q2-MXF3-3F6F
Vulnerability from github – Published: 2022-05-17 00:47 – Updated: 2022-05-17 00:47NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service.
{
"affected": [],
"aliases": [
"CVE-2017-6270"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-22T17:29:00Z",
"severity": "MODERATE"
},
"details": "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service.",
"id": "GHSA-g2q2-mxf3-3f6f",
"modified": "2022-05-17T00:47:37Z",
"published": "2022-05-17T00:47:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6270"
},
{
"type": "WEB",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4544"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G343-VCX4-78PG
Vulnerability from github – Published: 2022-05-14 01:18 – Updated: 2022-05-14 01:18A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2018-11207"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-16T15:29:00Z",
"severity": "MODERATE"
},
"details": "A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.",
"id": "GHSA-g343-vcx4-78pg",
"modified": "2022-05-14T01:18:38Z",
"published": "2022-05-14T01:18:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11207"
},
{
"type": "WEB",
"url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5#divided-by-zero---divbyzero__h5d_chunk_poc"
},
{
"type": "WEB",
"url": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G3QH-H448-HF99
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2025-04-20 03:32Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.
{
"affected": [],
"aliases": [
"CVE-2016-4797"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-03T16:59:00Z",
"severity": "MODERATE"
},
"details": "Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.",
"id": "GHSA-g3qh-h448-hf99",
"modified": "2025-04-20T03:32:22Z",
"published": "2022-05-13T01:16:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4797"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/733"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335483"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/05/13/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G3XX-H684-WG52
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-05 15:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: Prevent division by zero
The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
{
"affected": [],
"aliases": [
"CVE-2025-37770"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T14:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"id": "GHSA-g3xx-h684-wg52",
"modified": "2025-11-05T15:31:01Z",
"published": "2025-05-01T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37770"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/05de66de280ea1bd0459c994bfd2dd332cfbc2a9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c02fcbe4a1393a3c02da6ae35e72493cfdb2155"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b8c3c0d17c07f301011e2908fecd2ebdcfe3d1c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/587de3ca7875c06fe3c3aa4073a85c4eff46591f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/836a189fb422e7efb81c51d5160e47ec7bc11500"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bd4d90adbca1862d03e581e10e74ab73ec75e61b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e109528bbf460e50074c156253d9080d223ee37f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G68G-QFGW-MFFH
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
{
"affected": [],
"aliases": [
"CVE-2021-20310"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-11T23:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.",
"id": "GHSA-g68g-qfgw-mffh",
"modified": "2022-05-24T19:02:17Z",
"published": "2022-05-24T19:02:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20310"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946728"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-G7J3-WQPV-M97M
Vulnerability from github – Published: 2024-03-12 18:31 – Updated: 2024-03-12 18:31Microsoft AllJoyn API Denial of Service Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-21438"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-12T17:15:52Z",
"severity": "HIGH"
},
"details": "Microsoft AllJoyn API Denial of Service Vulnerability",
"id": "GHSA-g7j3-wqpv-m97m",
"modified": "2024-03-12T18:31:13Z",
"published": "2024-03-12T18:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21438"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21438"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G7M4-839X-CH6V
Vulnerability from github – Published: 2026-06-18 20:45 – Updated: 2026-06-18 20:45Summary
The digits parameter parsed from a provisioning URI is validated only with a lower bound ($value > 0) and has no upper bound (src/OTP.php:353-357). OTP generation computes $code % (10 ** $this->getDigits()) (src/OTP.php:283). When digits is large enough that 10 ** digits overflows PHP's integer range and the (int) cast yields 0 (around digits >= 40 on 64-bit PHP 8.x), the modulo operand becomes 0 and PHP raises a DivisionByZeroError.
Impact
OTPHP\Factory::loadFromProvisioningUri() forwards the attacker-controlled digits query value to setParameter('digits', $value), so a hostile URI such as otpauth://totp/Alice?secret=JBSWY3DPEHPK3PXP&digits=50 produces an OTP object whose at(), now(), and verify() all throw DivisionByZeroError. Because DivisionByZeroError extends Error (not Exception), callers that guard OTP generation with a catch (\Exception) do not catch it, turning a malformed URI into an unhandled fatal error (denial of service of the verification path).
Measured threshold on PHP 8.3: digits = 30 works, digits >= 40 throws DivisionByZeroError: Modulo by zero.
Affected component
src/OTP.php:353-357—digitsparameter callback (no upper bound)src/OTP.php:283—$code % (10 ** $this->getDigits())
Proof of concept
use OTPHP\Factory;
use OTPHP\InternalClock;
$otp = Factory::loadFromProvisioningUri(
'otpauth://totp/Alice?secret=JBSWY3DPEHPK3PXP&digits=50',
new InternalClock()
);
$otp->at(0); // DivisionByZeroError: Modulo by zero (escapes catch (\Exception))
Remediation
Enforce a sane upper bound on digits in the parameter validation callback (e.g. reject values above 8–10, the practical range for OTPs) so that an out-of-range value is rejected with a documented exception instead of producing an object that fails later with an uncatchable Error.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "spomky-labs/otphp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11.4.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-18T20:45:47Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\n\nThe `digits` parameter parsed from a provisioning URI is validated only with a lower bound (`$value \u003e 0`) and has no upper bound (`src/OTP.php:353-357`). OTP generation computes `$code % (10 ** $this-\u003egetDigits())` (`src/OTP.php:283`). When `digits` is large enough that `10 ** digits` overflows PHP\u0027s integer range and the `(int)` cast yields `0` (around `digits \u003e= 40` on 64-bit PHP 8.x), the modulo operand becomes `0` and PHP raises a `DivisionByZeroError`.\n\n## Impact\n\n`OTPHP\\Factory::loadFromProvisioningUri()` forwards the attacker-controlled `digits` query value to `setParameter(\u0027digits\u0027, $value)`, so a hostile URI such as `otpauth://totp/Alice?secret=JBSWY3DPEHPK3PXP\u0026digits=50` produces an OTP object whose `at()`, `now()`, and `verify()` all throw `DivisionByZeroError`. Because `DivisionByZeroError` extends `Error` (not `Exception`), callers that guard OTP generation with a `catch (\\Exception)` do not catch it, turning a malformed URI into an unhandled fatal error (denial of service of the verification path).\n\nMeasured threshold on PHP 8.3: `digits = 30` works, `digits \u003e= 40` throws `DivisionByZeroError: Modulo by zero`.\n\n## Affected component\n\n- `src/OTP.php:353-357` \u2014 `digits` parameter callback (no upper bound)\n- `src/OTP.php:283` \u2014 `$code % (10 ** $this-\u003egetDigits())`\n\n## Proof of concept\n\n```php\nuse OTPHP\\Factory;\nuse OTPHP\\InternalClock;\n\n$otp = Factory::loadFromProvisioningUri(\n \u0027otpauth://totp/Alice?secret=JBSWY3DPEHPK3PXP\u0026digits=50\u0027,\n new InternalClock()\n);\n$otp-\u003eat(0); // DivisionByZeroError: Modulo by zero (escapes catch (\\Exception))\n```\n\n## Remediation\n\nEnforce a sane upper bound on `digits` in the parameter validation callback (e.g. reject values above 8\u201310, the practical range for OTPs) so that an out-of-range value is rejected with a documented exception instead of producing an object that fails later with an uncatchable `Error`.",
"id": "GHSA-g7m4-839x-ch6v",
"modified": "2026-06-18T20:45:48Z",
"published": "2026-06-18T20:45:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Spomky-Labs/otphp/security/advisories/GHSA-g7m4-839x-ch6v"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/spomky-labs/otphp/GHSA-g7m4-839x-ch6v.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/Spomky-Labs/otphp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "spomky-labs/otphp: Unbounded digits parameter in a provisioning URI triggers an uncaught DivisionByZeroError in OTP generation"
}
GHSA-G7QH-XF59-6JC7
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service.
{
"affected": [],
"aliases": [
"CVE-2021-36692"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-30T21:15:00Z",
"severity": "MODERATE"
},
"details": "libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service.",
"id": "GHSA-g7qh-xf59-6jc7",
"modified": "2022-05-24T19:12:25Z",
"published": "2022-05-24T19:12:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36692"
},
{
"type": "WEB",
"url": "https://github.com/libjxl/libjxl/issues/308"
},
{
"type": "WEB",
"url": "https://github.com/libjxl/libjxl/pull/313"
},
{
"type": "WEB",
"url": "https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-G8Q8-J3HG-2PXM
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2020-20446"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-25T18:15:00Z",
"severity": "MODERATE"
},
"details": "FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service.",
"id": "GHSA-g8q8-j3hg-2pxm",
"modified": "2022-05-24T19:03:10Z",
"published": "2022-05-24T19:03:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20446"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html"
},
{
"type": "WEB",
"url": "https://trac.ffmpeg.org/ticket/7995"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4990"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4998"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-G957-G6MH-XP98
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
{
"affected": [],
"aliases": [
"CVE-2015-8504"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-11T19:59:00Z",
"severity": "MODERATE"
},
"details": "Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.",
"id": "GHSA-g957-g6mh-xp98",
"modified": "2022-05-13T01:16:26Z",
"published": "2022-05-13T01:16:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8504"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289541"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"type": "WEB",
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=4c65fed8bdf96780735dbdb92a8"
},
{
"type": "WEB",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=4c65fed8bdf96780735dbdb92a8"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/12/08/7"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/78708"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.