CWE-369
AllowedDivide By Zero
Abstraction: Base · Status: Draft
The product divides a value by zero.
579 vulnerabilities reference this CWE, most recent first.
GHSA-8CPM-HMP4-FCM6
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2026-05-12 12:32In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: Fix zero-division error when disabling tc cbs
The commit b8c43360f6e4 ("net: stmmac: No need to calculate speed divider when offload is disabled") allows the "port_transmit_rate_kbps" to be set to a value of 0, which is then passed to the "div_s64" function when tc-cbs is disabled. This leads to a zero-division error.
When tc-cbs is disabled, the idleslope, sendslope, and credit values the credit values are not required to be configured. Therefore, adding a return statement after setting the txQ mode to DCB when tc-cbs is disabled would prevent a zero-division error.
{
"affected": [],
"aliases": [
"CVE-2024-49977"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:18Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: Fix zero-division error when disabling tc cbs\n\nThe commit b8c43360f6e4 (\"net: stmmac: No need to calculate speed divider\nwhen offload is disabled\") allows the \"port_transmit_rate_kbps\" to be\nset to a value of 0, which is then passed to the \"div_s64\" function when\ntc-cbs is disabled. This leads to a zero-division error.\n\nWhen tc-cbs is disabled, the idleslope, sendslope, and credit values the\ncredit values are not required to be configured. Therefore, adding a return\nstatement after setting the txQ mode to DCB when tc-cbs is disabled would\nprevent a zero-division error.",
"id": "GHSA-8cpm-hmp4-fcm6",
"modified": "2026-05-12T12:32:11Z",
"published": "2024-10-21T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49977"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03582f4752427f60817d896f1a827aff772bd31e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5d43e1ad4567d67af2b42d3ab7c14152ffed25c6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/675faf5a14c14a2be0b870db30a70764df81e2df"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/837d9df9c0792902710149d1a5e0991520af0f93"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0da9504a528f05f97d926b4db74ff21917a33e9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e297a2bf56d12fd7f91a0c209eb6ea84361f3368"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e33fe25b1efe4f2e6a5858786dbc82ae4c44ed4c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8F73-7QP9-CRV2
Vulnerability from github – Published: 2022-05-13 01:54 – Updated: 2025-04-20 03:38imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.
{
"affected": [],
"aliases": [
"CVE-2017-9201"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-23T04:29:00Z",
"severity": "MODERATE"
},
"details": "imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.",
"id": "GHSA-8f73-7qp9-crv2",
"modified": "2025-04-20T03:38:10Z",
"published": "2022-05-13T01:54:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9201"
},
{
"type": "WEB",
"url": "https://github.com/jsummers/imageworsener/commit/dc49c807926b96e503bd7c0dec35119eecd6c6fe"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8G7V-9G36-5JM6
Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-11-17 21:31In the Linux kernel, the following vulnerability has been resolved:
spi: spi-mem: Add fix to avoid divide error
For some SPI flash memory operations, dummy bytes are not mandatory. For
example, in Winbond SPINAND flash memory devices, the write_cache and
update_cache operation variants have zero dummy bytes. Calculating the
duration for SPI memory operations with zero dummy bytes causes
a divide error when ncycles is calculated in the
spi_mem_calc_op_duration().
Add changes to skip the 'ncylcles' calculation for zero dummy bytes.
Following divide error is fixed by this change:
Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI ...
? do_trap+0xdb/0x100 ? do_error_trap+0x75/0xb0 ? spi_mem_calc_op_duration+0x56/0xb0 ? exc_divide_error+0x3b/0x70 ? spi_mem_calc_op_duration+0x56/0xb0 ? asm_exc_divide_error+0x1b/0x20 ? spi_mem_calc_op_duration+0x56/0xb0 ? spinand_select_op_variant+0xee/0x190 [spinand] spinand_match_and_init+0x13e/0x1a0 [spinand] spinand_manufacturer_match+0x6e/0xa0 [spinand] spinand_probe+0x357/0x7f0 [spinand] ? kernfs_activate+0x87/0xd0 spi_mem_probe+0x7a/0xb0 spi_probe+0x7d/0x130
{
"affected": [],
"aliases": [
"CVE-2025-37896"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T16:15:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-mem: Add fix to avoid divide error\n\nFor some SPI flash memory operations, dummy bytes are not mandatory. For\nexample, in Winbond SPINAND flash memory devices, the `write_cache` and\n`update_cache` operation variants have zero dummy bytes. Calculating the\nduration for SPI memory operations with zero dummy bytes causes\na divide error when `ncycles` is calculated in the\nspi_mem_calc_op_duration().\n\nAdd changes to skip the \u0027ncylcles\u0027 calculation for zero dummy bytes.\n\nFollowing divide error is fixed by this change:\n\n Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n...\n\n ? do_trap+0xdb/0x100\n ? do_error_trap+0x75/0xb0\n ? spi_mem_calc_op_duration+0x56/0xb0\n ? exc_divide_error+0x3b/0x70\n ? spi_mem_calc_op_duration+0x56/0xb0\n ? asm_exc_divide_error+0x1b/0x20\n ? spi_mem_calc_op_duration+0x56/0xb0\n ? spinand_select_op_variant+0xee/0x190 [spinand]\n spinand_match_and_init+0x13e/0x1a0 [spinand]\n spinand_manufacturer_match+0x6e/0xa0 [spinand]\n spinand_probe+0x357/0x7f0 [spinand]\n ? kernfs_activate+0x87/0xd0\n spi_mem_probe+0x7a/0xb0\n spi_probe+0x7d/0x130",
"id": "GHSA-8g7v-9g36-5jm6",
"modified": "2025-11-17T21:31:17Z",
"published": "2025-05-20T18:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37896"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1915dbd67dadc0bb35670c8e28229baa29368d17"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8e4d3d8a5e51e07bd0d6cdd81b5e4af79f796927"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8GCQ-WCJ5-XGQ6
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.
{
"affected": [],
"aliases": [
"CVE-2015-6855"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-11-06T21:59:00Z",
"severity": "HIGH"
},
"details": "hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.",
"id": "GHSA-8gcq-wcj5-xgq6",
"modified": "2022-05-13T01:04:37Z",
"published": "2022-05-13T01:04:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6855"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169341.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3361"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3362"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/09/10/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/09/10/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/76691"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2745-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8GW8-PVF9-WHFQ
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2023-03-12 00:30A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
{
"affected": [],
"aliases": [
"CVE-2020-27750"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-08T22:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.",
"id": "GHSA-8gw8-pvf9-whfq",
"modified": "2023-03-12T00:30:16Z",
"published": "2022-05-24T17:35:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27750"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891984"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8JQQ-8MP9-6R8W
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash.
{
"affected": [],
"aliases": [
"CVE-2020-16161"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-19T18:15:00Z",
"severity": "HIGH"
},
"details": "GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash.",
"id": "GHSA-8jqq-8mp9-6r8w",
"modified": "2022-05-24T17:31:12Z",
"published": "2022-05-24T17:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16161"
},
{
"type": "WEB",
"url": "https://blog.inhq.net/posts/gopro-gpmf-parser-vuln-1"
},
{
"type": "WEB",
"url": "https://github.com/gopro/gpmf-parser/blob/2cc0af7ffee6f12934e2d57750bdf292f62b0a97/GPMF_parser.c#L1634"
},
{
"type": "WEB",
"url": "https://github.com/gopro/gpmf-parser/blob/2cc0af7ffee6f12934e2d57750bdf292f62b0a97/GPMF_parser.c#L1653"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8MFW-4XW2-V3M5
Vulnerability from github – Published: 2022-04-29 02:58 – Updated: 2022-04-29 02:58Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.
{
"affected": [],
"aliases": [
"CVE-2004-0804"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2004-11-03T05:00:00Z",
"severity": "MODERATE"
},
"details": "Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.",
"id": "GHSA-8mfw-4xw2-v3m5",
"modified": "2022-04-29T02:58:24Z",
"published": "2022-04-29T02:58:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0804"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17755"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711"
},
{
"type": "WEB",
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=111"
},
{
"type": "WEB",
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000888"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2004/dsa-567"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/555304"
},
{
"type": "WEB",
"url": "http://www.kde.org/info/security/advisory-20041209-2.txt"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2004-577.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2005-021.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2005-354.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8RM6-75MF-7R7R
Vulnerability from github – Published: 2021-05-21 14:28 – Updated: 2024-11-13 16:09Impact
The TFLite implementation of hashtable lookup is vulnerable to a division by zero error:
const int num_rows = SizeOfDimension(value, 0);
const int row_bytes = value->bytes / num_rows;
An attacker can craft a model such that values's first dimension would be 0.
Patches
We have patched the issue in GitHub commit 5117e0851348065ed59c991562c0ec80d9193db2.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29604"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-17T22:27:24Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nThe TFLite implementation of hashtable lookup is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtable_lookup.cc#L114-L115):\n\n```cc\nconst int num_rows = SizeOfDimension(value, 0); \nconst int row_bytes = value-\u003ebytes / num_rows; \n```\n\nAn attacker can craft a model such that `values`\u0027s first dimension would be 0.\n\n### Patches\nWe have patched the issue in GitHub commit [5117e0851348065ed59c991562c0ec80d9193db2](https://github.com/tensorflow/tensorflow/commit/5117e0851348065ed59c991562c0ec80d9193db2).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information \nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-8rm6-75mf-7r7r",
"modified": "2024-11-13T16:09:38Z",
"published": "2021-05-21T14:28:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rm6-75mf-7r7r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29604"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/5117e0851348065ed59c991562c0ec80d9193db2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-532.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-730.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-241.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtable_lookup.cc#L114-L115"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Division by zero in TFLite\u0027s implementation of hashtable lookup"
}
GHSA-8V8C-MG3X-99CG
Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:54In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product).
{
"affected": [],
"aliases": [
"CVE-2019-9084"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-07T21:29:00Z",
"severity": "MODERATE"
},
"details": "In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]\u0026numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product).",
"id": "GHSA-8v8c-mg3x-99cg",
"modified": "2024-04-04T00:54:41Z",
"published": "2022-05-24T16:47:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9084"
},
{
"type": "WEB",
"url": "https://metamorfosec.com/Files/Advisories/METS-2019-005-A_division_by_zero_in_Hoteldruid_before_v2.3.1.txt"
},
{
"type": "WEB",
"url": "http://www.hoteldruid.com/en/download.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8V9R-5752-3C33
Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2025-11-04 18:30An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.
{
"affected": [],
"aliases": [
"CVE-2021-46310"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-22T19:16:21Z",
"severity": "MODERATE"
},
"details": "An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.",
"id": "GHSA-8v9r-5752-3c33",
"modified": "2025-11-04T18:30:43Z",
"published": "2023-08-22T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46310"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APFAWR7QE27GXQMRKR6XKNZWWUJ5YMH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HN4JOIBNMJMW2NQSGT6DCDCQZJ2ROFM7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEEGAR4WUF6LTOJEHSON7I2MBTPFTVR5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HN4JOIBNMJMW2NQSGT6DCDCQZJ2ROFM7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEEGAR4WUF6LTOJEHSON7I2MBTPFTVR5"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/djvu/bugs/345"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.