CWE-369
AllowedDivide By Zero
Abstraction: Base · Status: Draft
The product divides a value by zero.
577 vulnerabilities reference this CWE, most recent first.
GHSA-R534-VWMW-5GMQ
Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2025-11-26 18:31In the Linux kernel, the following vulnerability has been resolved:
net: hibmcge: fix the division by zero issue
When the network port is down, the queue is released, and ring->len is 0. In debugfs, hbg_get_queue_used_num() will be called, which may lead to a division by zero issue.
This patch adds a check, if ring->len is 0, hbg_get_queue_used_num() directly returns 0.
{
"affected": [],
"aliases": [
"CVE-2025-38719"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-04T16:15:41Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hibmcge: fix the division by zero issue\n\nWhen the network port is down, the queue is released, and ring-\u003elen is 0.\nIn debugfs, hbg_get_queue_used_num() will be called,\nwhich may lead to a division by zero issue.\n\nThis patch adds a check, if ring-\u003elen is 0,\nhbg_get_queue_used_num() directly returns 0.",
"id": "GHSA-r534-vwmw-5gmq",
"modified": "2025-11-26T18:31:01Z",
"published": "2025-09-05T18:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38719"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/475e06113c615dafd44262d6d6bd37786f7f4206"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7004b26f0b64331143eb0b312e77a357a11427ce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c945e1ad4f3b77166a3215dabc0c6c980d4a9c73"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R85G-7QGQ-6WRQ
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
{
"affected": [],
"aliases": [
"CVE-2020-23903"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-10T22:15:00Z",
"severity": "MODERATE"
},
"details": "A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.",
"id": "GHSA-r85g-7qgq-6wrq",
"modified": "2022-05-24T19:20:12Z",
"published": "2022-05-24T19:20:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23903"
},
{
"type": "WEB",
"url": "https://github.com/xiph/speex/issues/13"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXCRAYNW5ESCE2PIGTUXZNZHNYFLJ6PX"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3SEV2ZRR47GSD3M7O5PH4XEJMKJJNG2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R8HX-F24G-25MV
Vulnerability from github – Published: 2024-05-01 06:31 – Updated: 2024-07-03 18:37In the Linux kernel, the following vulnerability has been resolved:
crypto: iaa - Fix nr_cpus < nr_iaa case
If nr_cpus < nr_iaa, the calculated cpus_per_iaa will be 0, which causes a divide-by-0 in rebalance_wq_table().
Make sure cpus_per_iaa is 1 in that case, and also in the nr_iaa == 0 case, even though cpus_per_iaa is never used if nr_iaa == 0, for paranoia.
{
"affected": [],
"aliases": [
"CVE-2024-26945"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T06:15:10Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix nr_cpus \u003c nr_iaa case\n\nIf nr_cpus \u003c nr_iaa, the calculated cpus_per_iaa will be 0, which\ncauses a divide-by-0 in rebalance_wq_table().\n\nMake sure cpus_per_iaa is 1 in that case, and also in the nr_iaa == 0\ncase, even though cpus_per_iaa is never used if nr_iaa == 0, for\nparanoia.",
"id": "GHSA-r8hx-f24g-25mv",
"modified": "2024-07-03T18:37:58Z",
"published": "2024-05-01T06:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26945"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a7e89d3315d1be86aff8a8bf849023cda6547f7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a5ca1be7f9817de4e93085778b3ee2219bdc2664"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RF3H-XGV5-2Q39
Vulnerability from github – Published: 2021-05-21 14:28 – Updated: 2024-11-13 16:08Impact
The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero error:
int num_input_channels = SizeOfDimension(input, 3);
TF_LITE_ENSURE_EQ(context, num_filter_channels % num_input_channels, 0);
An attacker can craft a model such that input's fourth dimension would be 0.
Patches
We have patched the issue in GitHub commit cbda3c6b2dbbd3fbdc482ff8c0170a78ec2e97d0.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29602"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-17T22:29:55Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nThe implementation of the `DepthwiseConv` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/depthwise_conv.cc#L287-L288):\n\n```cc\nint num_input_channels = SizeOfDimension(input, 3);\nTF_LITE_ENSURE_EQ(context, num_filter_channels % num_input_channels, 0);\n```\n\nAn attacker can craft a model such that `input`\u0027s fourth dimension would be 0.\n\n### Patches\nWe have patched the issue in GitHub commit [cbda3c6b2dbbd3fbdc482ff8c0170a78ec2e97d0](https://github.com/tensorflow/tensorflow/commit/cbda3c6b2dbbd3fbdc482ff8c0170a78ec2e97d0).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information \nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-rf3h-xgv5-2q39",
"modified": "2024-11-13T16:08:49Z",
"published": "2021-05-21T14:28:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rf3h-xgv5-2q39"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29602"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/cbda3c6b2dbbd3fbdc482ff8c0170a78ec2e97d0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-530.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-728.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-239.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/depthwise_conv.cc#L287-L288"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Division by zero in TFLite\u0027s implementation of `DepthwiseConv`"
}
GHSA-RFH9-X593-FMPR
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
staging: sm750fb: fix division by zero in ps_to_hz()
ps_to_hz() is called from hw_sm750_crtc_set_mode() without validating that pixclock is non-zero. A zero pixclock passed via FBIOPUT_VSCREENINFO causes a division by zero.
Fix by rejecting zero pixclock in lynxfb_ops_check_var(), consistent with other framebuffer drivers.
{
"affected": [],
"aliases": [
"CVE-2026-31603"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: sm750fb: fix division by zero in ps_to_hz()\n\nps_to_hz() is called from hw_sm750_crtc_set_mode() without validating\nthat pixclock is non-zero. A zero pixclock passed via FBIOPUT_VSCREENINFO\ncauses a division by zero.\n\nFix by rejecting zero pixclock in lynxfb_ops_check_var(), consistent\nwith other framebuffer drivers.",
"id": "GHSA-rfh9-x593-fmpr",
"modified": "2026-06-01T18:31:27Z",
"published": "2026-04-24T15:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31603"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/124a43550db8a74eef080cd4573a4904efe67029"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1412ba36597a82e928f20047f41d6c6582dafe8a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f640c6043aeab31a2f607d7605271860c3b11df"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3300b049693138852a4c6738b5f1194a1ee91ddd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6144895a4335a2491c282931f1f2fa610b86339f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/75a1621e4f91310673c9acbcbb25c2a7ff821cd3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/779412e0e391fd4a0d12e1d1adaa7bf043de62d7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b285a8f3bbb821a93eb37c2740a68ca1d7112a59"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/daf6733bd7c4c5015b431739ac29b0e29021096b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RFQP-QC69-JHVM
Vulnerability from github – Published: 2022-03-16 00:00 – Updated: 2022-03-23 00:00Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
{
"affected": [],
"aliases": [
"CVE-2021-42391"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-14T23:15:00Z",
"severity": "MODERATE"
},
"details": "Divide-by-zero in Clickhouse\u0027s Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.",
"id": "GHSA-rfqp-qc69-jhvm",
"modified": "2022-03-23T00:00:45Z",
"published": "2022-03-16T00:00:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42391"
},
{
"type": "WEB",
"url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RG9Q-M8HV-XXR6
Vulnerability from github – Published: 2024-01-03 09:30 – Updated: 2024-11-22 18:19FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "PaddlePaddle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-52306"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-03T21:55:59Z",
"nvd_published_at": "2024-01-03T09:15:09Z",
"severity": "MODERATE"
},
"details": "FPE in paddle.lerp\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n",
"id": "GHSA-rg9q-m8hv-xxr6",
"modified": "2024-11-22T18:19:09Z",
"published": "2024-01-03T09:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52306"
},
{
"type": "WEB",
"url": "https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"
},
{
"type": "PACKAGE",
"url": "https://github.com/PaddlePaddle/Paddle"
},
{
"type": "WEB",
"url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-015.md"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-138.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "PaddlePaddle floating point exception in paddle.lerp"
}
GHSA-RHRQ-64MQ-HF9H
Vulnerability from github – Published: 2021-08-25 14:40 – Updated: 2024-11-13 21:16Impact
The implementation of division in TFLite is vulnerable to a division by 0 error
There is no check that the divisor tensor does not contain zero elements.
Patches
We have patched the issue in GitHub commit 1e206baedf8bef0334cca3eb92bab134ef525a28.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
}
],
"aliases": [
"CVE-2021-37683"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-24T17:06:32Z",
"nvd_published_at": "2021-08-12T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/div.cc)\n\nThere is no check that the divisor tensor does not contain zero elements.\n\n### Patches\nWe have patched the issue in GitHub commit [1e206baedf8bef0334cca3eb92bab134ef525a28](https://github.com/tensorflow/tensorflow/commit/1e206baedf8bef0334cca3eb92bab134ef525a28).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-rhrq-64mq-hf9h",
"modified": "2024-11-13T21:16:41Z",
"published": "2021-08-25T14:40:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rhrq-64mq-hf9h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37683"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/1e206baedf8bef0334cca3eb92bab134ef525a28"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-596.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-794.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-305.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/div.cc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "FPE in TFLite division operations"
}
GHSA-RJ64-24F8-R32G
Vulnerability from github – Published: 2024-05-22 09:31 – Updated: 2025-09-29 18:33In the Linux kernel, the following vulnerability has been resolved:
usbnet: sanity check for maxpacket
maxpacket of 0 makes no sense and oopses as we need to divide by it. Give up.
V2: fixed typo in log and stylistic issues
{
"affected": [],
"aliases": [
"CVE-2021-47495"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-22T09:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: sanity check for maxpacket\n\nmaxpacket of 0 makes no sense and oopses as we need to divide\nby it. Give up.\n\nV2: fixed typo in log and stylistic issues",
"id": "GHSA-rj64-24f8-r32g",
"modified": "2025-09-29T18:33:08Z",
"published": "2024-05-22T09:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47495"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/002d82227c0abe29118cf80f7e2f396b22d448ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/397430b50a363d8b7bdda00522123f82df6adc5e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/492140e45d2bf27c1014243f8616a9b612144e20"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/524f333e98138d909a0a0c574a9ff6737dce2767"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/693ecbe8f799405f8775719deedb1f76265d375a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74b3b27cf9fecce00cd8918b7882fd81191d0aa4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7e8b6a4f18edee070213cb6a77118e8a412253c5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b9eba0a4a527e04d712f0e0401e5391ef124b33e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RJH9-HQ94-CRMG
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2023-05-22 03:30A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.10-56.
{
"affected": [],
"aliases": [
"CVE-2021-20176"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-06T00:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.10-56.",
"id": "GHSA-rjh9-hq94-crmg",
"modified": "2023-05-22T03:30:15Z",
"published": "2022-05-24T17:41:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20176"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/3077"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916610"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.