CWE-369
AllowedDivide By Zero
Abstraction: Base · Status: Draft
The product divides a value by zero.
577 vulnerabilities reference this CWE, most recent first.
GHSA-7GGJ-C3F3-CJQM
Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447.
{
"affected": [],
"aliases": [
"CVE-2017-0857"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-16T23:29:00Z",
"severity": "HIGH"
},
"details": "Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447.",
"id": "GHSA-7ggj-c3f3-cjqm",
"modified": "2022-05-13T01:40:51Z",
"published": "2022-05-13T01:40:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0857"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7H24-C332-P48C
Vulnerability from github – Published: 2025-07-30 16:33 – Updated: 2025-07-31 11:18Summary
Untrusted, user-controlled data from the HTTP Proxy-Authorization header can induce a denial of service state.
Details
Untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL value. If an attacker supplies a TTL of zero (e.g. by using a username such as 'configuredUser-ttl-0'), the modulo operation 'timestamp % ttl' will cause a division by zero panic, causing the server to crash causing a denial-of-service.
The code assumed to be responsible for this can be found here: https://github.com/0x676e67/vproxy/blob/ab304c3854bf8480be577039ada0228907ba0923/src/extension.rs#L173-L183
PoC
- Download and run the latest version of vproxy
- Send a cUrl request like the following, adjusting address and port as necessary:
curl -x "http://test-ttl-0:test@127.0.0.1:8101" https://google.com - Wait for a cUrl error indicating "Proxy CONNECT aborted"
- View logs from the vproxy server
- Observe that the vproxy server crashed due to a divide-by-zero panic
Impact
The resulting crash renders the proxy server unusable until it is reset.
Finally, one last note: I'm reporting this on behalf of another researcher at Black Duck. Credit for discovery should be attributed to David Bohannon (dbohannon)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.3.3"
},
"package": {
"ecosystem": "crates.io",
"name": "vproxy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-54581"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-30T16:33:41Z",
"nvd_published_at": "2025-07-30T20:15:37Z",
"severity": "HIGH"
},
"details": "### Summary\nUntrusted, user-controlled data from the HTTP Proxy-Authorization header can induce a denial of service state.\n\n### Details\nUntrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL value. If an attacker supplies a TTL of zero (e.g. by using a username such as \u0027configuredUser-ttl-0\u0027), the modulo operation \u0027timestamp % ttl\u0027 will cause a division by zero panic, causing the server to crash causing a denial-of-service.\n\nThe code assumed to be responsible for this can be found here: https://github.com/0x676e67/vproxy/blob/ab304c3854bf8480be577039ada0228907ba0923/src/extension.rs#L173-L183\n\n### PoC\n1. Download and run the latest version of vproxy\n2. Send a cUrl request like the following, adjusting address and port as necessary: ```curl -x \"http://test-ttl-0:test@127.0.0.1:8101\" https://google.com```\n3. Wait for a cUrl error indicating \"Proxy CONNECT aborted\"\n4. View logs from the vproxy server\n5. Observe that the vproxy server crashed due to a divide-by-zero panic\n\n### Impact\nThe resulting crash renders the proxy server unusable until it is reset.\n\nFinally, one last note: I\u0027m reporting this on behalf of another researcher at Black Duck. Credit for discovery should be attributed to David Bohannon ([dbohannon](https://github.com/dbohannon))",
"id": "GHSA-7h24-c332-p48c",
"modified": "2025-07-31T11:18:29Z",
"published": "2025-07-30T16:33:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/0x676e67/vproxy/security/advisories/GHSA-7h24-c332-p48c"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54581"
},
{
"type": "WEB",
"url": "https://github.com/0x676e67/vproxy/commit/aa1bf64c5e7f1c471395f9f29175ffc1b16a1079"
},
{
"type": "PACKAGE",
"url": "https://github.com/0x676e67/vproxy"
},
{
"type": "WEB",
"url": "https://github.com/0x676e67/vproxy/releases/tag/v2.4.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "vproxy Divide by Zero DoS Vulnerability"
}
GHSA-7HHV-RCH7-RFMJ
Vulnerability from github – Published: 2022-05-14 01:09 – Updated: 2022-05-14 01:09In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
{
"affected": [],
"aliases": [
"CVE-2017-18360"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-31T09:29:00Z",
"severity": "MODERATE"
},
"details": "In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.",
"id": "GHSA-7hhv-rch7-rfmj",
"modified": "2022-05-14T01:09:46Z",
"published": "2022-05-14T01:09:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18360"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/6aeb75e6adfaed16e58780309613a578fe1ee90b"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1123706"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3933-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3933-2"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6aeb75e6adfaed16e58780309613a578fe1ee90b"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106802"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7HR2-9RF8-GX6Q
Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check denominator crb_pipes before used
[WHAT & HOW] A denominator cannot be 0, and is checked before used.
This fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.
{
"affected": [],
"aliases": [
"CVE-2024-46772"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-18T08:15:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check denominator crb_pipes before used\n\n[WHAT \u0026 HOW]\nA denominator cannot be 0, and is checked before used.\n\nThis fixes 2 DIVIDE_BY_ZERO issues reported by Coverity.",
"id": "GHSA-7hr2-9rf8-gx6q",
"modified": "2025-11-03T21:31:13Z",
"published": "2024-09-18T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46772"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/04805efe8623f8721f3c01182ea73d68e88c62d8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b9264aa24f628eba5779d1c916441e0cedde9b3d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ea79068d4073bf303f8203f2625af7d9185a1bc6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ede06d23392529b039cf7ac11b5875b047900f1c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JCP-9QQ9-8RJQ
Vulnerability from github – Published: 2026-05-14 18:32 – Updated: 2026-05-14 18:32An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.
{
"affected": [],
"aliases": [
"CVE-2026-46470"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-14T18:16:50Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin\u0027s qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.",
"id": "GHSA-7jcp-9qq9-8rjq",
"modified": "2026-05-14T18:32:57Z",
"published": "2026-05-14T18:32:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46470"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243.patch"
},
{
"type": "WEB",
"url": "https://gstreamer.freedesktop.org/security/sa-2026-0018.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-7JMR-6PR9-G7CC
Vulnerability from github – Published: 2025-07-03 09:30 – Updated: 2025-12-17 18:31In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping
The stmmac platform drivers that do not open-code the clk_ptp_rate value after having retrieved the default one from the device-tree can end up with 0 in clk_ptp_rate (as clk_get_rate can return 0). It will eventually propagate up to PTP initialization when bringing up the interface, leading to a divide by 0:
Division by zero in kernel. CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.30-00001-g48313bd5768a #22 Hardware name: STM32 (Device Tree Support) Call trace: unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x6c/0x8c dump_stack_lvl from Ldiv0_64+0x8/0x18 Ldiv0_64 from stmmac_init_tstamp_counter+0x190/0x1a4 stmmac_init_tstamp_counter from stmmac_hw_setup+0xc1c/0x111c stmmac_hw_setup from __stmmac_open+0x18c/0x434 __stmmac_open from stmmac_open+0x3c/0xbc stmmac_open from __dev_open+0xf4/0x1ac __dev_open from __dev_change_flags+0x1cc/0x224 __dev_change_flags from dev_change_flags+0x24/0x60 dev_change_flags from ip_auto_config+0x2e8/0x11a0 ip_auto_config from do_one_initcall+0x84/0x33c do_one_initcall from kernel_init_freeable+0x1b8/0x214 kernel_init_freeable from kernel_init+0x24/0x140 kernel_init from ret_from_fork+0x14/0x28 Exception stack(0xe0815fb0 to 0xe0815ff8)
Prevent this division by 0 by adding an explicit check and error log about the actual issue. While at it, remove the same check from stmmac_ptp_register, which then becomes duplicate
{
"affected": [],
"aliases": [
"CVE-2025-38126"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-03T09:15:26Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: make sure that ptp_rate is not 0 before configuring timestamping\n\nThe stmmac platform drivers that do not open-code the clk_ptp_rate value\nafter having retrieved the default one from the device-tree can end up\nwith 0 in clk_ptp_rate (as clk_get_rate can return 0). It will\neventually propagate up to PTP initialization when bringing up the\ninterface, leading to a divide by 0:\n\n Division by zero in kernel.\n CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.30-00001-g48313bd5768a #22\n Hardware name: STM32 (Device Tree Support)\n Call trace:\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x6c/0x8c\n dump_stack_lvl from Ldiv0_64+0x8/0x18\n Ldiv0_64 from stmmac_init_tstamp_counter+0x190/0x1a4\n stmmac_init_tstamp_counter from stmmac_hw_setup+0xc1c/0x111c\n stmmac_hw_setup from __stmmac_open+0x18c/0x434\n __stmmac_open from stmmac_open+0x3c/0xbc\n stmmac_open from __dev_open+0xf4/0x1ac\n __dev_open from __dev_change_flags+0x1cc/0x224\n __dev_change_flags from dev_change_flags+0x24/0x60\n dev_change_flags from ip_auto_config+0x2e8/0x11a0\n ip_auto_config from do_one_initcall+0x84/0x33c\n do_one_initcall from kernel_init_freeable+0x1b8/0x214\n kernel_init_freeable from kernel_init+0x24/0x140\n kernel_init from ret_from_fork+0x14/0x28\n Exception stack(0xe0815fb0 to 0xe0815ff8)\n\nPrevent this division by 0 by adding an explicit check and error log\nabout the actual issue. While at it, remove the same check from\nstmmac_ptp_register, which then becomes duplicate",
"id": "GHSA-7jmr-6pr9-g7cc",
"modified": "2025-12-17T18:31:32Z",
"published": "2025-07-03T09:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38126"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/030ce919e114a111e83b7976ecb3597cefd33f26"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/32af9c289234990752281c805500dfe03c5b2b8f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/379cd990dfe752b38fcf46034698a9a150626c7a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b263088ee8ab14563817a8be3519af8e25225793"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb033c6781ce1b0264c3993b767b4aa9021959c2"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JQ4-G7P4-JX98
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-05 15:31In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: Prevent division by zero
The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
{
"affected": [],
"aliases": [
"CVE-2025-37771"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T14:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"id": "GHSA-7jq4-g7p4-jx98",
"modified": "2025-11-05T15:31:01Z",
"published": "2025-05-01T15:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37771"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/402964994e8ece29702383b234fabcf04791ff95"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5096174074114f83c700a27869c54362cbb10f3e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6413fed016208171592c88b5df002af8a1387e24"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7d641c2b83275d3b0424127b2e0d2d0f7dd82aef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7c41df4913789ebfe73cc1e17c6401d4c5eab69"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/baa54adb5e0599299b8f088efb5544d876a3eb62"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MJH-M8R7-CJW8
Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2025-02-27 15:31In the Linux kernel, the following vulnerability has been resolved:
fbdev: sis: Error out if pixclock equals zero
The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error.
In sisfb_check_var(), var->pixclock is used as a divisor to caculate drate before it is checked against zero. Fix this by checking it at the beginning.
This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8.
{
"affected": [],
"aliases": [
"CVE-2024-26777"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-03T17:15:53Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sis: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn\u0027t check the value of pixclock,\nit may cause divide-by-zero error.\n\nIn sisfb_check_var(), var-\u003epixclock is used as a divisor to caculate\ndrate before it is checked against zero. Fix this by checking it\nat the beginning.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8.",
"id": "GHSA-7mjh-m8r7-cjw8",
"modified": "2025-02-27T15:31:49Z",
"published": "2024-04-03T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26777"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7PWX-R922-2J5R
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.
{
"affected": [],
"aliases": [
"CVE-2016-10506"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-30T09:29:00Z",
"severity": "MODERATE"
},
"details": "Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.",
"id": "GHSA-7pwx-r922-2j5r",
"modified": "2022-05-13T01:16:22Z",
"published": "2022-05-13T01:16:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10506"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/731"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/732"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/777"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/778"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/779"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/780"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100573"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7V94-64HJ-M82H
Vulnerability from github – Published: 2021-11-10 19:02 – Updated: 2024-11-13 21:57Impact
The implementation of ParallelConcat misses some input validation and can produce a division by 0:
import tensorflow as tf
@tf.function
def test():
y = tf.raw_ops.ParallelConcat(values=[['tf']],shape=0)
return y
test()
Patches
We have patched the issue in GitHub commit f2c3931113eaafe9ef558faaddd48e00a6606235.
The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41207"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-08T22:39:54Z",
"nvd_published_at": "2021-11-05T22:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe [implementation of `ParallelConcat`](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/inplace_ops.cc#L72-L97) misses some input validation and can produce a division by 0:\n\n```python\nimport tensorflow as tf\n\n@tf.function\ndef test():\n y = tf.raw_ops.ParallelConcat(values=[[\u0027tf\u0027]],shape=0)\n return y\n\ntest()\n```\n\n### Patches\nWe have patched the issue in GitHub commit [f2c3931113eaafe9ef558faaddd48e00a6606235](https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235).\n\nThe fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-7v94-64hj-m82h",
"modified": "2024-11-13T21:57:41Z",
"published": "2021-11-10T19:02:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7v94-64hj-m82h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41207"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/9de11bdc2cf1284b2f635419bd3e6bbc7643eb2c"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/d11f21bbdfa54f3576ae860fc927bf23c675ebc0"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/e67caccea81167402c62977b5c521f2a8b261d6a"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-616.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-814.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-399.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/inplace_ops.cc#L72-L97"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "FPE in `ParallelConcat`"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.