CWE-369
AllowedDivide By Zero
Abstraction: Base · Status: Draft
The product divides a value by zero.
577 vulnerabilities reference this CWE, most recent first.
GHSA-MVCJ-X699-WRP4
Vulnerability from github – Published: 2025-08-16 12:30 – Updated: 2025-11-19 00:31In the Linux kernel, the following vulnerability has been resolved:
mm/damon: fix divide by zero in damon_get_intervals_score()
The current implementation allows having zero size regions with no special reasons, but damon_get_intervals_score() gets crashed by divide by zero when the region size is zero.
[ 29.403950] Oops: divide error: 0000 [#1] SMP NOPTI
This patch fixes the bug, but does not disallow zero size regions to keep the backward compatibility since disallowing zero size regions might be a breaking change for some users.
In addition, the same crash can happen when intervals_goal.access_bp is zero so this should be fixed in stable trees as well.
{
"affected": [],
"aliases": [
"CVE-2025-38519"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-16T11:15:45Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon: fix divide by zero in damon_get_intervals_score()\n\nThe current implementation allows having zero size regions with no special\nreasons, but damon_get_intervals_score() gets crashed by divide by zero\nwhen the region size is zero.\n\n [ 29.403950] Oops: divide error: 0000 [#1] SMP NOPTI\n\nThis patch fixes the bug, but does not disallow zero size regions to keep\nthe backward compatibility since disallowing zero size regions might be a\nbreaking change for some users.\n\nIn addition, the same crash can happen when intervals_goal.access_bp is\nzero so this should be fixed in stable trees as well.",
"id": "GHSA-mvcj-x699-wrp4",
"modified": "2025-11-19T00:31:23Z",
"published": "2025-08-16T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38519"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bd225b9591442065beb876da72656f4a2d627d03"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca4bb9ac706f05ead8ac1cce7b8245fc0645a687"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P2C9-9QHG-MQ4Q
Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-17 00:01libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service
{
"affected": [],
"aliases": [
"CVE-2022-0856"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-10T17:44:00Z",
"severity": "MODERATE"
},
"details": "libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service",
"id": "GHSA-p2c9-9qhg-mq4q",
"modified": "2022-03-17T00:01:36Z",
"published": "2022-03-11T00:02:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0856"
},
{
"type": "WEB",
"url": "https://github.com/cacalabs/libcaca/issues/65"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3E5GF2LSX2ZEY5JZNM7HXJMLHMY436X"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTDRPVX3HCYLQCLMQ6NNSRC3B7L6WGUM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFOFTTMHO666HB3TVHBMCES6GCKG5PPG"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P3Q8-89Q5-QCJ2
Vulnerability from github – Published: 2022-05-14 01:14 – Updated: 2022-05-14 01:14An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.
{
"affected": [],
"aliases": [
"CVE-2018-13100"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-03T10:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.",
"id": "GHSA-p3q8-89q5-qcj2",
"modified": "2022-05-14T01:14:00Z",
"published": "2022-05-14T01:14:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13100"
},
{
"type": "WEB",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200183"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42bf546c1fe3f3654bdf914e977acbc2b80a5be5"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Jan/52"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3932-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3932-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4094-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4118-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104679"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P45V-V4PW-77JR
Vulnerability from github – Published: 2021-05-21 14:23 – Updated: 2024-10-31 20:46Impact
An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization:
import tensorflow as tf
t = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.quint8)
t_min = tf.constant(-10.0, dtype=tf.float32)
t_max = tf.constant(-10.0, dtype=tf.float32)
m = tf.constant([], shape=[0], dtype=tf.quint8)
m_min = tf.constant(-10.0, dtype=tf.float32)
m_max = tf.constant(-10.0, dtype=tf.float32)
v = tf.constant([], shape=[0], dtype=tf.quint8)
v_min = tf.constant(-10.0, dtype=tf.float32)
v_max = tf.constant(-10.0, dtype=tf.float32)
beta = tf.constant([], shape=[0], dtype=tf.quint8)
beta_min = tf.constant(-10.0, dtype=tf.float32)
beta_max = tf.constant(-10.0, dtype=tf.float32)
gamma = tf.constant([], shape=[0], dtype=tf.quint8)
gamma_min = tf.constant(-10.0, dtype=tf.float32)
gamma_max = tf.constant(-10.0, dtype=tf.float32)
tf.raw_ops.QuantizedBatchNormWithGlobalNormalization(
t=t, t_min=t_min, t_max=t_max, m=m, m_min=m_min, m_max=m_max,
v=v, v_min=v_min, v_max=v_max, beta=beta, beta_min=beta_min,
beta_max=beta_max, gamma=gamma, gamma_min=gamma_min,
gamma_max=gamma_max, out_type=tf.qint32,
variance_epsilon=0.1, scale_after_normalization=True)
This is because the implementation does not validate all constraints specified in the op's contract.
Patches
We have patched the issue in GitHub commit d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29548"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-18T21:30:45Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nAn attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`:\n\n```python\nimport tensorflow as tf\n\nt = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.quint8)\nt_min = tf.constant(-10.0, dtype=tf.float32)\nt_max = tf.constant(-10.0, dtype=tf.float32)\nm = tf.constant([], shape=[0], dtype=tf.quint8)\nm_min = tf.constant(-10.0, dtype=tf.float32)\nm_max = tf.constant(-10.0, dtype=tf.float32)\nv = tf.constant([], shape=[0], dtype=tf.quint8)\nv_min = tf.constant(-10.0, dtype=tf.float32)\nv_max = tf.constant(-10.0, dtype=tf.float32)\nbeta = tf.constant([], shape=[0], dtype=tf.quint8)\nbeta_min = tf.constant(-10.0, dtype=tf.float32)\nbeta_max = tf.constant(-10.0, dtype=tf.float32)\ngamma = tf.constant([], shape=[0], dtype=tf.quint8)\ngamma_min = tf.constant(-10.0, dtype=tf.float32)\ngamma_max = tf.constant(-10.0, dtype=tf.float32)\n\ntf.raw_ops.QuantizedBatchNormWithGlobalNormalization(\n t=t, t_min=t_min, t_max=t_max, m=m, m_min=m_min, m_max=m_max,\n v=v, v_min=v_min, v_max=v_max, beta=beta, beta_min=beta_min,\n beta_max=beta_max, gamma=gamma, gamma_min=gamma_min,\n gamma_max=gamma_max, out_type=tf.qint32,\n variance_epsilon=0.1, scale_after_normalization=True)\n```\n\nThis is because the [implementation](https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc) does not validate all constraints specified in the [op\u0027s contract](https://www.tensorflow.org/api_docs/python/tf/raw_ops/QuantizedBatchNormWithGlobalNormalization).\n\n### Patches \nWe have patched the issue in GitHub commit [d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b](https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team",
"id": "GHSA-p45v-v4pw-77jr",
"modified": "2024-10-31T20:46:23Z",
"published": "2021-05-21T14:23:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p45v-v4pw-77jr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29548"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-476.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-674.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-185.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Division by 0 in `QuantizedBatchNormWithGlobalNormalization`"
}
GHSA-P484-VCHG-FF48
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions.
{
"affected": [],
"aliases": [
"CVE-2015-7513"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-02-08T03:59:00Z",
"severity": "MODERATE"
},
"details": "arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions.",
"id": "GHSA-p484-vchg-ff48",
"modified": "2022-05-13T01:04:41Z",
"published": "2022-05-13T01:04:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7513"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/0185604c2d82c560dab2f2933a18f797e74ab5a8"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284847"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3434"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/79901"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034602"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2886-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2887-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2887-2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2888-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2889-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2889-2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2890-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2890-2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2890-3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P53G-QPQR-RQMG
Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2025-04-20 03:41A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.
{
"affected": [],
"aliases": [
"CVE-2017-11464"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-19T21:29:00Z",
"severity": "HIGH"
},
"details": "A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.",
"id": "GHSA-p53g-qpqr-rqmg",
"modified": "2025-04-20T03:41:05Z",
"published": "2022-05-13T01:25:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11464"
},
{
"type": "WEB",
"url": "https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a"
},
{
"type": "WEB",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=783835"
},
{
"type": "WEB",
"url": "https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00016.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4436-1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99956"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P6C2-6V8P-34J6
Vulnerability from github – Published: 2022-05-14 03:48 – Updated: 2022-05-14 03:48The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.
{
"affected": [],
"aliases": [
"CVE-2015-3418"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-13T16:59:00Z",
"severity": "HIGH"
},
"details": "The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.",
"id": "GHSA-p6c2-6v8p-34j6",
"modified": "2022-05-14T03:48:04Z",
"published": "2022-05-14T03:48:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3418"
},
{
"type": "WEB",
"url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b"
},
{
"type": "WEB",
"url": "https://lists.x.org/archives/xorg-announce/2015-February/002532.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-64"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/74328"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P6HW-PM34-65V4
Vulnerability from github – Published: 2024-05-19 12:30 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
block: prevent division by zero in blk_rq_stat_sum()
The expression dst->nr_samples + src->nr_samples may have zero value on overflow. It is necessary to add a check to avoid division by zero.
Found by Linux Verification Center (linuxtesting.org) with Svace.
{
"affected": [],
"aliases": [
"CVE-2024-35925"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-19T11:15:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: prevent division by zero in blk_rq_stat_sum()\n\nThe expression dst-\u003enr_samples + src-\u003enr_samples may\nhave zero value on overflow. It is necessary to add\na check to avoid division by zero.\n\nFound by Linux Verification Center (linuxtesting.org) with Svace.",
"id": "GHSA-p6hw-pm34-65v4",
"modified": "2026-05-12T12:31:49Z",
"published": "2024-05-19T12:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35925"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/21e7d72d0cfcbae6042d498ea2e6f395311767f8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/512a01da7134bac8f8b373506011e8aaa3283854"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f7fd6aa4c4877d77133ea86c14cf256f390b2fe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6a55dab4ac956deb23690eedd74e70b892a378e7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/93f52fbeaf4b676b21acfe42a5152620e6770d02"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/98ddf2604ade2d954bf5ec193600d5274a43fd68"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/edd073c78d2bf48c5b8bf435bbc3d61d6e7c6c14"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P7P9-959J-CG9P
Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2025-04-20 03:34The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2017-6835"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-20T16:59:00Z",
"severity": "MODERATE"
},
"details": "The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.",
"id": "GHSA-p7p9-959j-cg9p",
"modified": "2025-04-20T03:34:32Z",
"published": "2022-05-17T00:26:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6835"
},
{
"type": "WEB",
"url": "https://github.com/mpruett/audiofile/issues/39"
},
{
"type": "WEB",
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P99V-QJFM-8VVQ
Vulnerability from github – Published: 2023-11-11 03:30 – Updated: 2025-06-11 15:30Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
{
"affected": [],
"aliases": [
"CVE-2023-46849"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-11T01:15:07Z",
"severity": "HIGH"
},
"details": "Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.",
"id": "GHSA-p99v-qjfm-8vvq",
"modified": "2025-06-11T15:30:24Z",
"published": "2023-11-11T03:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46849"
},
{
"type": "WEB",
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4"
},
{
"type": "WEB",
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5555"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.