Common Weakness Enumeration

CWE-369

Allowed

Divide By Zero

Abstraction: Base · Status: Draft

The product divides a value by zero.

577 vulnerabilities reference this CWE, most recent first.

GHSA-WQMQ-9GVF-CGXR

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2025-04-20 03:45
VLAI
Details

In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14634"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-21T07:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.",
  "id": "GHSA-wqmq-9gvf-cgxr",
  "modified": "2025-04-20T03:45:41Z",
  "published": "2022-05-13T01:14:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14634"
    },
    {
      "type": "WEB",
      "url": "https://github.com/erikd/libsndfile/issues/318"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201811-23"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4013-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WQQC-QM65-P7R6

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2023-12-22 12:31
VLAI
Details

A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-18774"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-23T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.",
  "id": "GHSA-wqqc-qm65-p7r6",
  "modified": "2023-12-22T12:31:44Z",
  "published": "2022-05-24T19:12:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-18774"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Exiv2/exiv2/issues/759"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202312-06"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WRF5-2XRG-356W

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-06-04 00:00
VLAI
Details

ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27560"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-22T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.",
  "id": "GHSA-wrf5-2xrg-356w",
  "modified": "2022-06-04T00:00:31Z",
  "published": "2022-05-24T17:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27560"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/ef59bd764f88d893f1219fee8ba696a5d3f8c1c4"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00037.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WVG5-X3JQ-VP4G

Vulnerability from github – Published: 2023-03-01 21:30 – Updated: 2023-03-09 03:30
VLAI
Details

Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1127"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-01T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.",
  "id": "GHSA-wvg5-x3jq-vp4g",
  "modified": "2023-03-09T03:30:15Z",
  "published": "2023-03-01T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1127"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDVN5HSWPNVP4QXBPCEGZDLZKURLJWTE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ6TMKKBXHGVUHWFGM4X46VIJO7ZAG2W"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X3RG-P4HX-X3WG

Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-22 15:31
VLAI
Details

A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-33593"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-22T14:16:53Z",
    "severity": "HIGH"
  },
  "details": "A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.",
  "id": "GHSA-x3rg-p4hx-x3wg",
  "modified": "2026-04-22T15:31:44Z",
  "published": "2026-04-22T15:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33593"
    },
    {
      "type": "WEB",
      "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4G7-FVJJ-PRG8

Vulnerability from github – Published: 2021-05-21 14:21 – Updated: 2024-10-30 23:17
VLAI
Summary
Division by 0 in `QuantizedConv2D`
Details

Impact

An attacker can trigger a division by 0 in tf.raw_ops.QuantizedConv2D:

import tensorflow as tf

input = tf.zeros([1, 1, 1, 1], dtype=tf.quint8)
filter = tf.constant([], shape=[1, 0, 1, 1], dtype=tf.quint8)
min_input = tf.constant(0.0)
max_input = tf.constant(0.0001)
min_filter = tf.constant(0.0)
max_filter = tf.constant(0.0001)
strides = [1, 1, 1, 1]
padding = "SAME"               


tf.raw_ops.QuantizedConv2D(input=input, filter=filter, min_input=min_input, max_input=max_input, min_filter=min_filter, max_filter=max_filter, strides=strides, padding=padding)

This is because the implementation does a division by a quantity that is controlled by the caller:

const int filter_value_count = filter_width * filter_height * input_depth;
const int64 patches_per_chunk = kMaxChunkSize / (filter_value_count * sizeof(T1));

Patches

We have patched the issue in GitHub commit cfa91be9863a91d5105a3b4941096044ab32036b.

The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-18T23:10:37Z",
    "nvd_published_at": "2021-05-14T20:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\nAn attacker can trigger a division by 0 in `tf.raw_ops.QuantizedConv2D`:\n\n```python\nimport tensorflow as tf\n\ninput = tf.zeros([1, 1, 1, 1], dtype=tf.quint8)\nfilter = tf.constant([], shape=[1, 0, 1, 1], dtype=tf.quint8)\nmin_input = tf.constant(0.0)\nmax_input = tf.constant(0.0001)\nmin_filter = tf.constant(0.0)\nmax_filter = tf.constant(0.0001)\nstrides = [1, 1, 1, 1]\npadding = \"SAME\"               \n                               \n\ntf.raw_ops.QuantizedConv2D(input=input, filter=filter, min_input=min_input, max_input=max_input, min_filter=min_filter, max_filter=max_filter, strides=strides, padding=padding)\n```\nThis is because the [implementation](https://github.com/tensorflow/tensorflow/blob/00e9a4d67d76703fa1aee33dac582acf317e0e81/tensorflow/core/kernels/quantized_conv_ops.cc#L257-L259) does a division by a quantity that is controlled by the caller: \n\n```cc\nconst int filter_value_count = filter_width * filter_height * input_depth;\nconst int64 patches_per_chunk = kMaxChunkSize / (filter_value_count * sizeof(T1));\n```\n  \n### Patches\nWe have patched the issue in GitHub commit [cfa91be9863a91d5105a3b4941096044ab32036b](https://github.com/tensorflow/tensorflow/commit/cfa91be9863a91d5105a3b4941096044ab32036b).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.",
  "id": "GHSA-x4g7-fvjj-prg8",
  "modified": "2024-10-30T23:17:38Z",
  "published": "2021-05-21T14:21:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4g7-fvjj-prg8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29527"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/cfa91be9863a91d5105a3b4941096044ab32036b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-455.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-653.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-164.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Division by 0 in `QuantizedConv2D`"
}

GHSA-X5VX-95H7-RV4P

Vulnerability from github – Published: 2025-02-20 20:18 – Updated: 2025-02-20 20:18
VLAI
Summary
Cosmos SDK: Groups module can halt chain when handling a malicious proposal
Details

Name: ASA-2025-003: Groups module can halt chain when handling a malicious proposal Component: CosmosSDK Criticality: High (Considerable Impact; Likely Likelihood per ACMv1.2) Affected versions: <= v0.47.15, <= 0.50.11 Affected users: Validators, Full nodes, Users on chains that utilize the groups module

Description

An issue was discovered in the groups module where a malicious proposal would result in a division by zero, and subsequently halt a chain due to the resulting error. Any user that can interact with the groups module can introduce this state.

Patches

The new Cosmos SDK release v0.50.12 and v0.47.16 fix this issue.

Workarounds

There are no known workarounds for this issue. It is advised that chains apply the update.

Timeline

  • February 9, 2025, 5:18pm PST: Issue reported to the Cosmos Bug Bounty program
  • February 9, 2025, 8:12am PST: Issue triaged by Amulet on-call, and distributed to Core team
  • February 9, 2025, 12:25pm PST: Core team completes validation of issue
  • February 18, 2025, 8:00am PST / 17:00 CET: Pre-notification delivered
  • February 20, 2025, 8:00am PST / 17:00 CET: Patch made available

This issue was reported to the Cosmos Bug Bounty Program by dongsam on HackerOne on February 9, 2025. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.

If you have questions about Interchain security efforts, please reach out to our official communication channel at security@interchain.io. For more information about the Interchain Foundation’s engagement with Amulet, and to sign up for security notification emails, please see https://github.com/interchainio/security.

A Github Security Advisory for this issue is available in the Cosmos SDK repository.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.47.15"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cosmos/cosmos-sdk"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.47.16-ics-lsm"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.50.11"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cosmos/cosmos-sdk"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.50.0-alpha.0"
            },
            {
              "fixed": "0.50.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-20T20:18:25Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Name: ASA-2025-003: Groups module can halt chain when handling a malicious proposal\nComponent: CosmosSDK\nCriticality: High (Considerable Impact; Likely Likelihood per [ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md))\nAffected versions: \u003c= v0.47.15, \u003c= 0.50.11\nAffected users: Validators, Full nodes, Users on chains that utilize the groups module\n\n### Description\n\nAn issue was discovered in the groups module where a malicious proposal would result in a division by zero, and subsequently halt a chain due to the resulting error. Any user that can interact with the groups module can introduce this state.\n\n### Patches\n\nThe new Cosmos SDK release [v0.50.12](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.12) and [v0.47.16](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.16) fix this issue.\n\n### Workarounds\n\nThere are no known workarounds for this issue.  It is advised that chains apply the update.\n\n### Timeline\n\n* February 9, 2025, 5:18pm PST: Issue reported to the Cosmos Bug Bounty program\n* February 9, 2025, 8:12am PST: Issue triaged by Amulet on-call, and distributed to Core team\n* February 9, 2025, 12:25pm PST: Core team completes validation of issue\n* February 18, 2025, 8:00am PST / 17:00 CET: Pre-notification delivered\n* February 20, 2025, 8:00am PST / 17:00 CET: Patch made available\n\nThis issue was reported to the Cosmos Bug Bounty Program by [dongsam](https://github.com/dongsam) on HackerOne on February 9, 2025. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.\n\nIf you have questions about Interchain security efforts, please reach out to our official communication channel at [security@interchain.io](mailto:security@interchain.io). For more information about the Interchain Foundation\u2019s engagement with Amulet, and to sign up for security notification emails, please see https://github.com/interchainio/security.  \n\nA Github Security Advisory for this issue is available in the Cosmos SDK [repository](https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-x5vx-95h7-rv4p).",
  "id": "GHSA-x5vx-95h7-rv4p",
  "modified": "2025-02-20T20:18:25Z",
  "published": "2025-02-20T20:18:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-x5vx-95h7-rv4p"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cosmos/cosmos-sdk/commit/0a98b65b24900a0e608866c78f172cf8e4140aea"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cosmos/cosmos-sdk"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.16"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Cosmos SDK: Groups module can halt chain when handling a malicious proposal"
}

GHSA-X5VX-QMF9-2R9V

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2026-05-12 12:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Initialize get_bytes_per_element's default to 1

Variables, used as denominators and maybe not assigned to other values, should not be 0. bytes_per_element_y & bytes_per_element_c are initialized by get_bytes_per_element() which should never return 0.

This fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49892"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Initialize get_bytes_per_element\u0027s default to 1\n\nVariables, used as denominators and maybe not assigned to other values,\nshould not be 0. bytes_per_element_y \u0026 bytes_per_element_c are\ninitialized by get_bytes_per_element() which should never return 0.\n\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.",
  "id": "GHSA-x5vx-qmf9-2r9v",
  "modified": "2026-05-12T12:32:10Z",
  "published": "2024-10-21T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49892"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1f9f8186e239222f1c8d3dd73bf3bc6ae86c5e76"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3334ab72cbba55a632f24579cd47c4a4e5e69cda"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4067f4fa0423a89fb19a30b57231b384d77d2610"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8f0abb39c16e719129de10596b3ae3363fa178b4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a23d6029e730f8a151b1a34afb169baac1274583"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bc00d211da4ffad5314a2043b50bdc8ff8a33724"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c7630935d9a4986e8c0ed91658a781b7a77d73f7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f921335123f6620c3dce5c96fbb95f18524a021c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X5XG-3GFM-7R9V

Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27
VLAI
Details

The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-3622"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-03T16:09:00Z",
    "severity": "MODERATE"
  },
  "details": "The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.",
  "id": "GHSA-x5xg-3gfm-7r9v",
  "modified": "2022-05-17T00:27:41Z",
  "published": "2022-05-17T00:27:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3622"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-16"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3762"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/04/07/4"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/85917"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035508"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X65R-3HPG-F998

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-05 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/pm/smu11: Prevent division by zero

The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

(cherry picked from commit da7dc714a8f8e1c9fc33c57cd63583779a3bef71)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37769"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T14:15:40Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm/smu11: Prevent division by zero\n\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n(cherry picked from commit da7dc714a8f8e1c9fc33c57cd63583779a3bef71)",
  "id": "GHSA-x65r-3hpg-f998",
  "modified": "2025-11-05T15:31:01Z",
  "published": "2025-05-01T15:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37769"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/63a150400194592206817124268ff6f43947e8c9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7ba88b5cccc1a99c1afb96e31e7eedac9907704c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de2cba068c9c648503973b57696d035cfe58a9f6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de6f8e0534cfabc528c969d453150ca90b24fb01"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fc9d55377353321e78f9e108d15f72a17e8c6ee2"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.