Common Weakness Enumeration

CWE-369

Allowed

Divide By Zero

Abstraction: Base · Status: Draft

The product divides a value by zero.

577 vulnerabilities reference this CWE, most recent first.

GHSA-QCRG-PPMG-4FM2

Vulnerability from github – Published: 2022-05-14 01:27 – Updated: 2025-04-20 03:41
VLAI
Details

The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11359"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-31T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.",
  "id": "GHSA-qcrg-ppmg-4fm2",
  "modified": "2025-04-20T03:41:40Z",
  "published": "2022-05-14T01:27:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11359"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201810-02"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/42398"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Jul/81"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QCWG-RWQ9-X4XJ

Vulnerability from github – Published: 2024-09-27 15:30 – Updated: 2024-10-02 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix the warning division or modulo by zero

Checks the partition mode and returns an error for an invalid mode.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46806"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-27T13:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.",
  "id": "GHSA-qcwg-rwq9-x4xj",
  "modified": "2024-10-02T15:30:37Z",
  "published": "2024-09-27T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46806"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QFM8-GX7G-79MV

Vulnerability from github – Published: 2022-05-14 03:36 – Updated: 2025-04-20 03:34
VLAI
Details

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10266"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-24T19:59:00Z",
    "severity": "MODERATE"
  },
  "details": "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.",
  "id": "GHSA-qfm8-gx7g-79mv",
  "modified": "2025-04-20T03:34:47Z",
  "published": "2022-05-14T03:36:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10266"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1"
    },
    {
      "type": "WEB",
      "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3602-1"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3844"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97115"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QFXP-89FR-H27X

Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-11 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: ccs: Avoid possible division by zero

Calculating maximum M for scaler configuration involves dividing by MIN_X_OUTPUT_SIZE limit register's value. Albeit the value is presumably non-zero, the driver was missing the check it in fact was. Fix this.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43182"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T12:16:36Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ccs: Avoid possible division by zero\n\nCalculating maximum M for scaler configuration involves dividing by\nMIN_X_OUTPUT_SIZE limit register\u0027s value. Albeit the value is presumably\nnon-zero, the driver was missing the check it in fact was. Fix this.",
  "id": "GHSA-qfxp-89fr-h27x",
  "modified": "2026-05-11T21:31:30Z",
  "published": "2026-05-06T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43182"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/32a21ed2ad743fe2d12af48e627089b921a032c2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/679f0b7b6a409750a25754c8833e268e5fdde742"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8ca7df18e7a58a0e5b0ed9eaaa34e16fc5cb9680"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9aae0f31d37a8facd25e37c0f0709ea08de83802"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a8ff58cc8c7514c278ba0ea2c787d4bf9eeb355d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b6e0529c300e44153fc6f3b565e28163caf1f031"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c9af1818387f5c6f543e2e02c40b3038eae86be8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QG48-85HG-MQC5

Vulnerability from github – Published: 2021-05-21 14:23 – Updated: 2024-10-31 20:52
VLAI
Summary
Division by 0 in `DenseCountSparseOutput`
Details

Impact

An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.DenseCountSparseOutput:

import tensorflow as tf

values = tf.constant([], shape=[0, 0], dtype=tf.int64)
weights = tf.constant([])

tf.raw_ops.DenseCountSparseOutput(
  values=values, weights=weights,
  minlength=-1, maxlength=58, binary_output=True)

This is because the implementation computes a divisor value from user data but does not check that the result is 0 before doing the division:

int num_batch_elements = 1;
for (int i = 0; i < num_batch_dimensions; ++i) {
  num_batch_elements *= data.shape().dim_size(i);
}
int num_value_elements = data.shape().num_elements() / num_batch_elements;

Since data is given by the values argument, num_batch_elements is 0.

Patches

We have patched the issue in GitHub commit da5ff2daf618591f64b2b62d9d9803951b945e9f.

The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, and TensorFlow 2.3.3, as these are also affected.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29554"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-18T20:58:24Z",
    "nvd_published_at": "2021-05-14T19:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\nAn attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.DenseCountSparseOutput`:\n\n```python\nimport tensorflow as tf\n\nvalues = tf.constant([], shape=[0, 0], dtype=tf.int64)\nweights = tf.constant([])\n\ntf.raw_ops.DenseCountSparseOutput(\n  values=values, weights=weights,\n  minlength=-1, maxlength=58, binary_output=True)\n```\n  \nThis is because the [implementation](https://github.com/tensorflow/tensorflow/blob/efff014f3b2d8ef6141da30c806faf141297eca1/tensorflow/core/kernels/count_ops.cc#L123-L127) computes a divisor value from user data but does not check that the result is 0 before doing the division:\n\n```cc\nint num_batch_elements = 1;\nfor (int i = 0; i \u003c num_batch_dimensions; ++i) {\n  num_batch_elements *= data.shape().dim_size(i);\n}\nint num_value_elements = data.shape().num_elements() / num_batch_elements;\n```\n\nSince `data` is given by the `values` argument, `num_batch_elements` is 0.\n\n### Patches\nWe have patched the issue in GitHub commit [da5ff2daf618591f64b2b62d9d9803951b945e9f](https://github.com/tensorflow/tensorflow/commit/da5ff2daf618591f64b2b62d9d9803951b945e9f).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, and TensorFlow 2.3.3, as these are also affected.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.",
  "id": "GHSA-qg48-85hg-mqc5",
  "modified": "2024-10-31T20:52:11Z",
  "published": "2021-05-21T14:23:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qg48-85hg-mqc5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29554"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/da5ff2daf618591f64b2b62d9d9803951b945e9f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-482.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-680.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-191.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Division by 0 in `DenseCountSparseOutput`"
}

GHSA-QH5P-HC8X-V67X

Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2024-10-31 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: netlink: af_netlink: Prevent empty skb by adding a check on len.

Adding a check on len parameter to avoid empty skb. This prevents a division error in netem_enqueue function which is caused when skb->len=0 and skb->data_len=0 in the randomized corruption step as shown below.

skb->data[prandom_u32() % skb_headlen(skb)] ^= 1<<(prandom_u32() % 8);

Crash Report: [ 343.170349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.216110] netem: version 1.3 [ 343.235841] divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 343.236680] CPU: 3 PID: 4288 Comm: reproducer Not tainted 5.16.0-rc1+ [ 343.237569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 [ 343.238707] RIP: 0010:netem_enqueue+0x1590/0x33c0 [sch_netem] [ 343.239499] Code: 89 85 58 ff ff ff e8 5f 5d e9 d3 48 8b b5 48 ff ff ff 8b 8d 50 ff ff ff 8b 85 58 ff ff ff 48 8b bd 70 ff ff ff 31 d2 2b 4f 74 f1 48 b8 00 00 00 00 00 fc ff df 49 01 d5 4c 89 e9 48 c1 e9 03 [ 343.241883] RSP: 0018:ffff88800bcd7368 EFLAGS: 00010246 [ 343.242589] RAX: 00000000ba7c0a9c RBX: 0000000000000001 RCX: 0000000000000000 [ 343.243542] RDX: 0000000000000000 RSI: ffff88800f8edb10 RDI: ffff88800f8eda40 [ 343.244474] RBP: ffff88800bcd7458 R08: 0000000000000000 R09: ffffffff94fb8445 [ 343.245403] R10: ffffffff94fb8336 R11: ffffffff94fb8445 R12: 0000000000000000 [ 343.246355] R13: ffff88800a5a7000 R14: ffff88800a5b5800 R15: 0000000000000020 [ 343.247291] FS: 00007fdde2bd7700(0000) GS:ffff888109780000(0000) knlGS:0000000000000000 [ 343.248350] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 343.249120] CR2: 00000000200000c0 CR3: 000000000ef4c000 CR4: 00000000000006e0 [ 343.250076] Call Trace: [ 343.250423] [ 343.250713] ? memcpy+0x4d/0x60 [ 343.251162] ? netem_init+0xa0/0xa0 [sch_netem] [ 343.251795] ? __sanitizer_cov_trace_pc+0x21/0x60 [ 343.252443] netem_enqueue+0xe28/0x33c0 [sch_netem] [ 343.253102] ? stack_trace_save+0x87/0xb0 [ 343.253655] ? filter_irq_stacks+0xb0/0xb0 [ 343.254220] ? netem_init+0xa0/0xa0 [sch_netem] [ 343.254837] ? __kasan_check_write+0x14/0x20 [ 343.255418] ? _raw_spin_lock+0x88/0xd6 [ 343.255953] dev_qdisc_enqueue+0x50/0x180 [ 343.256508] __dev_queue_xmit+0x1a7e/0x3090 [ 343.257083] ? netdev_core_pick_tx+0x300/0x300 [ 343.257690] ? check_kcov_mode+0x10/0x40 [ 343.258219] ? _raw_spin_unlock_irqrestore+0x29/0x40 [ 343.258899] ? __kasan_init_slab_obj+0x24/0x30 [ 343.259529] ? setup_object.isra.71+0x23/0x90 [ 343.260121] ? new_slab+0x26e/0x4b0 [ 343.260609] ? kasan_poison+0x3a/0x50 [ 343.261118] ? kasan_unpoison+0x28/0x50 [ 343.261637] ? __kasan_slab_alloc+0x71/0x90 [ 343.262214] ? memcpy+0x4d/0x60 [ 343.262674] ? write_comp_data+0x2f/0x90 [ 343.263209] ? __kasan_check_write+0x14/0x20 [ 343.263802] ? __skb_clone+0x5d6/0x840 [ 343.264329] ? __sanitizer_cov_trace_pc+0x21/0x60 [ 343.264958] dev_queue_xmit+0x1c/0x20 [ 343.265470] netlink_deliver_tap+0x652/0x9c0 [ 343.266067] netlink_unicast+0x5a0/0x7f0 [ 343.266608] ? netlink_attachskb+0x860/0x860 [ 343.267183] ? __sanitizer_cov_trace_pc+0x21/0x60 [ 343.267820] ? write_comp_data+0x2f/0x90 [ 343.268367] netlink_sendmsg+0x922/0xe80 [ 343.268899] ? netlink_unicast+0x7f0/0x7f0 [ 343.269472] ? __sanitizer_cov_trace_pc+0x21/0x60 [ 343.270099] ? write_comp_data+0x2f/0x90 [ 343.270644] ? netlink_unicast+0x7f0/0x7f0 [ 343.271210] sock_sendmsg+0x155/0x190 [ 343.271721] _syssendmsg+0x75f/0x8f0 [ 343.272262] ? kernel_sendmsg+0x60/0x60 [ 343.272788] ? write_comp_data+0x2f/0x90 [ 343.273332] ? write_comp_data+0x2f/0x90 [ 343.273869] _sys_sendmsg+0x10f/0x190 [ 343.274405] ? sendmsg_copy_msghdr+0x80/0x80 [ 343.274984] ? slab_post_alloc_hook+0x70/0x230 [ 343.275597] ? futex_wait_setup+0x240/0x240 [ 343.276175] ? security_file_alloc+0x3e/0x170 [ 343.276779] ? write_comp_d ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47606"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-19T15:15:55Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netlink: af_netlink: Prevent empty skb by adding a check on len.\n\nAdding a check on len parameter to avoid empty skb. This prevents a\ndivision error in netem_enqueue function which is caused when skb-\u003elen=0\nand skb-\u003edata_len=0 in the randomized corruption step as shown below.\n\nskb-\u003edata[prandom_u32() % skb_headlen(skb)] ^= 1\u003c\u003c(prandom_u32() % 8);\n\nCrash Report:\n[  343.170349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family\n0 port 6081 - 0\n[  343.216110] netem: version 1.3\n[  343.235841] divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[  343.236680] CPU: 3 PID: 4288 Comm: reproducer Not tainted 5.16.0-rc1+\n[  343.237569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS 1.11.0-2.el7 04/01/2014\n[  343.238707] RIP: 0010:netem_enqueue+0x1590/0x33c0 [sch_netem]\n[  343.239499] Code: 89 85 58 ff ff ff e8 5f 5d e9 d3 48 8b b5 48 ff ff\nff 8b 8d 50 ff ff ff 8b 85 58 ff ff ff 48 8b bd 70 ff ff ff 31 d2 2b 4f\n74 \u003cf7\u003e f1 48 b8 00 00 00 00 00 fc ff df 49 01 d5 4c 89 e9 48 c1 e9 03\n[  343.241883] RSP: 0018:ffff88800bcd7368 EFLAGS: 00010246\n[  343.242589] RAX: 00000000ba7c0a9c RBX: 0000000000000001 RCX:\n0000000000000000\n[  343.243542] RDX: 0000000000000000 RSI: ffff88800f8edb10 RDI:\nffff88800f8eda40\n[  343.244474] RBP: ffff88800bcd7458 R08: 0000000000000000 R09:\nffffffff94fb8445\n[  343.245403] R10: ffffffff94fb8336 R11: ffffffff94fb8445 R12:\n0000000000000000\n[  343.246355] R13: ffff88800a5a7000 R14: ffff88800a5b5800 R15:\n0000000000000020\n[  343.247291] FS:  00007fdde2bd7700(0000) GS:ffff888109780000(0000)\nknlGS:0000000000000000\n[  343.248350] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  343.249120] CR2: 00000000200000c0 CR3: 000000000ef4c000 CR4:\n00000000000006e0\n[  343.250076] Call Trace:\n[  343.250423]  \u003cTASK\u003e\n[  343.250713]  ? memcpy+0x4d/0x60\n[  343.251162]  ? netem_init+0xa0/0xa0 [sch_netem]\n[  343.251795]  ? __sanitizer_cov_trace_pc+0x21/0x60\n[  343.252443]  netem_enqueue+0xe28/0x33c0 [sch_netem]\n[  343.253102]  ? stack_trace_save+0x87/0xb0\n[  343.253655]  ? filter_irq_stacks+0xb0/0xb0\n[  343.254220]  ? netem_init+0xa0/0xa0 [sch_netem]\n[  343.254837]  ? __kasan_check_write+0x14/0x20\n[  343.255418]  ? _raw_spin_lock+0x88/0xd6\n[  343.255953]  dev_qdisc_enqueue+0x50/0x180\n[  343.256508]  __dev_queue_xmit+0x1a7e/0x3090\n[  343.257083]  ? netdev_core_pick_tx+0x300/0x300\n[  343.257690]  ? check_kcov_mode+0x10/0x40\n[  343.258219]  ? _raw_spin_unlock_irqrestore+0x29/0x40\n[  343.258899]  ? __kasan_init_slab_obj+0x24/0x30\n[  343.259529]  ? setup_object.isra.71+0x23/0x90\n[  343.260121]  ? new_slab+0x26e/0x4b0\n[  343.260609]  ? kasan_poison+0x3a/0x50\n[  343.261118]  ? kasan_unpoison+0x28/0x50\n[  343.261637]  ? __kasan_slab_alloc+0x71/0x90\n[  343.262214]  ? memcpy+0x4d/0x60\n[  343.262674]  ? write_comp_data+0x2f/0x90\n[  343.263209]  ? __kasan_check_write+0x14/0x20\n[  343.263802]  ? __skb_clone+0x5d6/0x840\n[  343.264329]  ? __sanitizer_cov_trace_pc+0x21/0x60\n[  343.264958]  dev_queue_xmit+0x1c/0x20\n[  343.265470]  netlink_deliver_tap+0x652/0x9c0\n[  343.266067]  netlink_unicast+0x5a0/0x7f0\n[  343.266608]  ? netlink_attachskb+0x860/0x860\n[  343.267183]  ? __sanitizer_cov_trace_pc+0x21/0x60\n[  343.267820]  ? write_comp_data+0x2f/0x90\n[  343.268367]  netlink_sendmsg+0x922/0xe80\n[  343.268899]  ? netlink_unicast+0x7f0/0x7f0\n[  343.269472]  ? __sanitizer_cov_trace_pc+0x21/0x60\n[  343.270099]  ? write_comp_data+0x2f/0x90\n[  343.270644]  ? netlink_unicast+0x7f0/0x7f0\n[  343.271210]  sock_sendmsg+0x155/0x190\n[  343.271721]  ____sys_sendmsg+0x75f/0x8f0\n[  343.272262]  ? kernel_sendmsg+0x60/0x60\n[  343.272788]  ? write_comp_data+0x2f/0x90\n[  343.273332]  ? write_comp_data+0x2f/0x90\n[  343.273869]  ___sys_sendmsg+0x10f/0x190\n[  343.274405]  ? sendmsg_copy_msghdr+0x80/0x80\n[  343.274984]  ? slab_post_alloc_hook+0x70/0x230\n[  343.275597]  ? futex_wait_setup+0x240/0x240\n[  343.276175]  ? security_file_alloc+0x3e/0x170\n[  343.276779]  ? write_comp_d\n---truncated---",
  "id": "GHSA-qh5p-hc8x-v67x",
  "modified": "2024-10-31T15:30:58Z",
  "published": "2024-06-19T15:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47606"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/40cf2e058832d9cfaae98dfd77334926275598b6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c986072a8c9249b9398c7a18f216dc26a9f0e35"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/54e785f7d5c197bc06dbb8053700df7e2a093ced"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c0315e93552e0d840e9edc6abd71c7db82ec8f51"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c54a60c8fbaa774f828e26df79f66229a8a0e010"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dadce61247c6230489527cc5e343b6002d1114c5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f123cffdd8fe8ea6c7fded4b88516a42798797d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ff3f517bf7138e01a17369042908a3f345c0ee41"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJHC-7F62-C8XV

Vulnerability from github – Published: 2025-07-10 09:32 – Updated: 2026-05-12 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()

In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000, cvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It's then passed to fb_cvt_hperiod(), where it's used as a divider -- division by 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to avoid such overflow...

Found by Linux Verification Center (linuxtesting.org) with the Svace static analysis tool.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38312"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-10T08:15:30Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()\n\nIn fb_find_mode_cvt(), iff mode-\u003erefresh somehow happens to be 0x80000000,\ncvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It\u0027s\nthen passed to fb_cvt_hperiod(), where it\u0027s used as a divider -- division\nby 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to\navoid such overflow...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.",
  "id": "GHSA-qjhc-7f62-c8xv",
  "modified": "2026-05-12T15:30:55Z",
  "published": "2025-07-10T09:32:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38312"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2d63433e8eaa3c91b2948190e395bc67009db0d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3f6dae09fc8c306eb70fdfef70726e1f154e173a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/53784073cbad18f75583fd3da9ffdfc4d1f05405"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/54947530663edcbaaee1314c01fdd8c72861b124"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/610f247f2772e4f92b63442125a1b7ade79898d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9027ce4c037b566b658b8939a76326b7125e3627"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab91647acdf43b984824776559a452212eaeb21a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b235393b9f43ff86a38ca2bde6372312ea215dc5"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJHH-9RQJ-7H84

Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2025-04-20 03:37
VLAI
Details

The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8842"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-08T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive.",
  "id": "GHSA-qjhh-9rqj-7h84",
  "modified": "2025-04-20T03:37:20Z",
  "published": "2022-05-13T01:26:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8842"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ckolivas/lrzip/issues/66"
    },
    {
      "type": "WEB",
      "url": "https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202005-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJJ8-32P7-H289

Vulnerability from github – Published: 2021-08-25 14:43 – Updated: 2024-11-13 17:27
VLAI
Summary
Division by 0 in `ResourceGather`
Details

Impact

An attacker can trigger a crash via a floating point exception in tf.raw_ops.ResourceGather:

import tensorflow as tf

tensor = tf.constant(value=[[]],shape=(0,1),dtype=tf.uint32)
v = tf.Variable(tensor)
tf.raw_ops.ResourceGather(
  resource=v.handle,
  indices=[0],
  dtype=tf.uint32,
  batch_dims=1,
  validate_indices=False)

The implementation computes the value of a value, batch_size, and then divides by it without checking that this value is not 0.

Patches

We have patched the issue in GitHub commit ac117ee8a8ea57b73d34665cdf00ef3303bc0b11.

The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-37653"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-24T12:41:26Z",
    "nvd_published_at": "2021-08-12T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nAn attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`:\n\n```python\nimport tensorflow as tf\n\ntensor = tf.constant(value=[[]],shape=(0,1),dtype=tf.uint32)\nv = tf.Variable(tensor)\ntf.raw_ops.ResourceGather(\n  resource=v.handle,\n  indices=[0],\n  dtype=tf.uint32,\n  batch_dims=1,\n  validate_indices=False)\n```\n\nThe [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L725-L731) computes the value of a value, `batch_size`, and then divides by it without checking that this value is not 0. \n\n### Patches\nWe have patched the issue in GitHub commit  [ac117ee8a8ea57b73d34665cdf00ef3303bc0b11](https://github.com/tensorflow/tensorflow/commit/ac117ee8a8ea57b73d34665cdf00ef3303bc0b11).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. \n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
  "id": "GHSA-qjj8-32p7-h289",
  "modified": "2024-11-13T17:27:41Z",
  "published": "2021-08-25T14:43:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjj8-32p7-h289"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37653"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/ac117ee8a8ea57b73d34665cdf00ef3303bc0b11"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-566.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-764.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-275.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Division by 0 in `ResourceGather`"
}

GHSA-QM8M-4G9C-J864

Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02
VLAI
Details

Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-20253"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-18T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.",
  "id": "GHSA-qm8m-4g9c-j864",
  "modified": "2022-05-24T19:02:43Z",
  "published": "2022-05-24T19:02:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20253"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cq674350529/pocs_slides/blob/master/pocs/MikroTik/vul_lcdstat_4/README.md"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/May/14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.