Common Weakness Enumeration

CWE-369

Allowed

Divide By Zero

Abstraction: Base · Status: Draft

The product divides a value by zero.

577 vulnerabilities reference this CWE, most recent first.

GHSA-MF33-8PGP-Q5FX

Vulnerability from github – Published: 2022-03-16 00:00 – Updated: 2022-03-23 00:00
VLAI
Details

Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42390"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-14T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Divide-by-zero in Clickhouse\u0027s DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.",
  "id": "GHSA-mf33-8pgp-q5fx",
  "modified": "2022-03-23T00:00:46Z",
  "published": "2022-03-16T00:00:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42390"
    },
    {
      "type": "WEB",
      "url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MF62-GM5R-38WJ

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-03 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Initialize denominators' default to 1

[WHAT & HOW] Variables used as denominators and maybe not assigned to other values, should not be 0. Change their default to 1 so they are never 0.

This fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49899"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Initialize denominators\u0027 default to 1\n\n[WHAT \u0026 HOW]\nVariables used as denominators and maybe not assigned to other values,\nshould not be 0. Change their default to 1 so they are never 0.\n\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.",
  "id": "GHSA-mf62-gm5r-38wj",
  "modified": "2025-11-03T21:31:22Z",
  "published": "2024-10-21T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49899"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7f8e93b862aba08d540f1e9e03e0ceb4d0cfd5fb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9be768f08b16f020da376538b08463ac3a2ce8cd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f35cec5e4b9759b38c663d18eae4eaf30f36527"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b995c0a6de6c74656a0c39cd57a0626351b13e3c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MG8F-GMVX-PVJJ

Vulnerability from github – Published: 2025-01-11 15:30 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()

drm_mode_vrefresh() is trying to avoid divide by zero by checking whether htotal or vtotal are zero. But we may still end up with a div-by-zero of vtotalhtotal...

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56369"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-11T13:15:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/modes: Avoid divide by zero harder in drm_mode_vrefresh()\n\ndrm_mode_vrefresh() is trying to avoid divide by zero\nby checking whether htotal or vtotal are zero. But we may\nstill end up with a div-by-zero of vtotal*htotal*...",
  "id": "GHSA-mg8f-gmvx-pvjj",
  "modified": "2025-11-03T21:32:07Z",
  "published": "2025-01-11T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56369"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/47c8b6cf1d08f0ad40d7ea7b025442e51b35ee1f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/69fbb01e891701e6d04db1ddb5ad49e42c4dd963"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9398332f23fab10c5ec57c168b44e72997d6318e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b39de5a71bac5641d0fda33d1cf5682d82cf1ae5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7c7b48a0fc5ed83baae400a1b15e33978c25d7f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MGJX-CG3Q-7VJW

Vulnerability from github – Published: 2026-04-13 15:31 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()

m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. m1=4000000000), the result can reach 2^32. rtsc_min() stores the difference of two such u64 values in a u32 variable dsm and uses it as a divisor. When the difference is exactly 2^32 the truncation yields zero, causing a divide-by-zero oops in the concave-curve intersection path:

Oops: divide error: 0000 RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601) Call Trace: init_ed (net/sched/sch_hfsc.c:629) hfsc_enqueue (net/sched/sch_hfsc.c:1569) [...]

Widen dsm to u64 and replace do_div() with div64_u64() so the full difference is preserved.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-13T14:16:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_hfsc: fix divide-by-zero in rtsc_min()\n\nm2sm() converts a u32 slope to a u64 scaled value.  For large inputs\n(e.g. m1=4000000000), the result can reach 2^32.  rtsc_min() stores\nthe difference of two such u64 values in a u32 variable `dsm` and\nuses it as a divisor.  When the difference is exactly 2^32 the\ntruncation yields zero, causing a divide-by-zero oops in the\nconcave-curve intersection path:\n\n  Oops: divide error: 0000\n  RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601)\n  Call Trace:\n   init_ed (net/sched/sch_hfsc.c:629)\n   hfsc_enqueue (net/sched/sch_hfsc.c:1569)\n   [...]\n\nWiden `dsm` to u64 and replace do_div() with div64_u64() so the full\ndifference is preserved.",
  "id": "GHSA-mgjx-cg3q-7vjw",
  "modified": "2026-07-14T15:31:51Z",
  "published": "2026-04-13T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31423"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/17c1b9807b8a67d676b6dcf749ee932ebaa7f568"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/25b6821884713a31e2b49fb67b0ebd765b33e0a9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4576100b8cd03118267513cafacde164b498b322"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab1ff5890c7354afc7be56502fcfbd61f3b7ae4f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ad8e8fec40290a8c8cf145c0deaadf76f80c5163"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b9e6431cbea8bb1fae8069ed099b4ee100499835"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c56f78614e7781aaceca9bd3cb2128bf7d45c3bd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d0aefec1b1a1ba2c1d251028dc2c4e5b4ce1fea5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MJ8F-265F-RV38

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31
VLAI
Details

Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-25169"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T18:18:30Z",
    "severity": "MODERATE"
  },
  "details": "Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.",
  "id": "GHSA-mj8f-265f-rv38",
  "modified": "2026-03-10T18:31:20Z",
  "published": "2026-03-10T18:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25169"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25169"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MJV8-7JX2-FJMQ

Vulnerability from github – Published: 2022-05-14 01:55 – Updated: 2022-05-14 01:55
VLAI
Details

A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17434"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-24T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
  "id": "GHSA-mjv8-7jx2-fjmq",
  "modified": "2022-05-14T01:55:57Z",
  "published": "2022-05-14T01:55:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17434"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MP45-F49C-FG56

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:47
VLAI
Details

An issue was discovered in Bitdefender Engines before 7.76662. A vulnerability has been discovered in the iso.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a division-by-zero circumstance. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-18058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-24T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Bitdefender Engines before 7.76662. A vulnerability has been discovered in the iso.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a division-by-zero circumstance. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.",
  "id": "GHSA-mp45-f49c-fg56",
  "modified": "2024-04-04T00:47:21Z",
  "published": "2022-05-24T16:46:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18058"
    },
    {
      "type": "WEB",
      "url": "https://www.bitdefender.com"
    },
    {
      "type": "WEB",
      "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-iso-xmd-iso-parsing-bounds-read-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQ6F-3MW5-JG7G

Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2023-02-27 18:32
VLAI
Details

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-26T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).",
  "id": "GHSA-mq6f-3mw5-jg7g",
  "modified": "2023-02-27T18:32:03Z",
  "published": "2022-05-24T16:48:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20845"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108921"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQM4-PWJF-GW24

Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2025-11-04 18:30
VLAI
Details

An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46312"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-22T19:16:21Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.",
  "id": "GHSA-mqm4-pwjf-gw24",
  "modified": "2025-11-04T18:30:43Z",
  "published": "2023-08-22T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46312"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APFAWR7QE27GXQMRKR6XKNZWWUJ5YMH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HN4JOIBNMJMW2NQSGT6DCDCQZJ2ROFM7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEEGAR4WUF6LTOJEHSON7I2MBTPFTVR5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HN4JOIBNMJMW2NQSGT6DCDCQZJ2ROFM7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEEGAR4WUF6LTOJEHSON7I2MBTPFTVR5"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/djvu/bugs/344"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MV78-G7WQ-MHP4

Vulnerability from github – Published: 2021-05-21 14:26 – Updated: 2024-11-13 16:00
VLAI
Summary
Division by zero in padding computation in TFLite
Details

Impact

The TFLite computation for size of output after padding, ComputeOutSize, does not check that the stride argument is not 0 before doing the division.

inline int ComputeOutSize(TfLitePadding padding, int image_size,
                          int filter_size, int stride, int dilation_rate = 1) {
  int effective_filter_size = (filter_size - 1) * dilation_rate + 1;
  switch (padding) {
    case kTfLitePaddingSame:
      return (image_size + stride - 1) / stride;
    case kTfLitePaddingValid:
      return (image_size + stride - effective_filter_size) / stride;
    default:
      return 0;
  }
}

Users can craft special models such that ComputeOutSize is called with stride set to 0.

Patches

We have patched the issue in GitHub commit 49847ae69a4e1a97ae7f2db5e217c77721e37948.

The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29585"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-18T17:18:34Z",
    "nvd_published_at": "2021-05-14T20:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\nThe TFLite computation for size of output after padding, [`ComputeOutSize`](https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.h#L43-L55), does not check that the `stride` argument is not 0 before doing the division.\n\n```cc\ninline int ComputeOutSize(TfLitePadding padding, int image_size,\n                          int filter_size, int stride, int dilation_rate = 1) {\n  int effective_filter_size = (filter_size - 1) * dilation_rate + 1;\n  switch (padding) {\n    case kTfLitePaddingSame:\n      return (image_size + stride - 1) / stride;\n    case kTfLitePaddingValid:\n      return (image_size + stride - effective_filter_size) / stride;\n    default:\n      return 0;\n  }\n}\n```\n  \nUsers can craft special models such that `ComputeOutSize` is called with `stride` set to 0.\n\n### Patches\nWe have patched the issue in GitHub commit [49847ae69a4e1a97ae7f2db5e217c77721e37948](https://github.com/tensorflow/tensorflow/commit/49847ae69a4e1a97ae7f2db5e217c77721e37948).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
  "id": "GHSA-mv78-g7wq-mhp4",
  "modified": "2024-11-13T16:00:45Z",
  "published": "2021-05-21T14:26:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv78-g7wq-mhp4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29585"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/49847ae69a4e1a97ae7f2db5e217c77721e37948"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-513.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-711.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-222.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.h#L43-L55"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Division by zero in padding computation in TFLite"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.