Common Weakness Enumeration
CWE-369
AllowedDivide By Zero
Abstraction: Base · Status: Draft
The product divides a value by zero.
577 vulnerabilities reference this CWE, most recent first.
CVE-2021-20244 (GCVE-0-2021-20244)
Vulnerability from cvelistv5 – Published: 2021-03-09 00:00 – Updated: 2024-08-03 17:37
VLAI
EPSS
VEX
Summary
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Severity
No CVSS data available.
CWE
Assigner
References
4 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ImageMagick |
Affected:
ImageMagick 7.0.10-62
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928959"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ImageMagick/ImageMagick/pull/3194"
},
{
"name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
},
{
"name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ImageMagick",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ImageMagick 7.0.10-62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928959"
},
{
"url": "https://github.com/ImageMagick/ImageMagick/pull/3194"
},
{
"name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
},
{
"name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20244",
"datePublished": "2021-03-09T00:00:00.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20243 (GCVE-0-2021-20243)
Vulnerability from cvelistv5 – Published: 2021-03-09 00:00 – Updated: 2024-08-03 17:37
VLAI
EPSS
VEX
Summary
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Severity
No CVSS data available.
CWE
Assigner
References
4 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ImageMagick |
Affected:
ImageMagick 7.0.10-62
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928958"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ImageMagick/ImageMagick/pull/3193"
},
{
"name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2672-1] imagemagick security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html"
},
{
"name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ImageMagick",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ImageMagick 7.0.10-62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928958"
},
{
"url": "https://github.com/ImageMagick/ImageMagick/pull/3193"
},
{
"name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2672-1] imagemagick security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html"
},
{
"name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20243",
"datePublished": "2021-03-09T00:00:00.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20241 (GCVE-0-2021-20241)
Vulnerability from cvelistv5 – Published: 2021-03-09 00:00 – Updated: 2024-08-03 17:37
VLAI
EPSS
VEX
Summary
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Severity
No CVSS data available.
CWE
Assigner
References
4 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ImageMagick |
Affected:
ImageMagick 6.9.11-62, ImageMagick 7.0.10-62
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:22.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928952"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ImageMagick/ImageMagick/pull/3177"
},
{
"name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
},
{
"name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ImageMagick",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ImageMagick 6.9.11-62, ImageMagick 7.0.10-62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928952"
},
{
"url": "https://github.com/ImageMagick/ImageMagick/pull/3177"
},
{
"name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
},
{
"name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20241",
"datePublished": "2021-03-09T00:00:00.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:22.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20176 (GCVE-0-2021-20176)
Vulnerability from cvelistv5 – Published: 2021-02-05 00:00 – Updated: 2024-08-03 17:30
VLAI
EPSS
VEX
Summary
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ImageMagick |
Affected:
6.9.11-57, 7.0.10-57
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916610"
},
{
"name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
},
{
"name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ImageMagick",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.9.11-57, 7.0.10-57"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916610"
},
{
"name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html"
},
{
"name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20176",
"datePublished": "2021-02-05T00:00:00.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:30:07.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4216 (GCVE-0-2021-4216)
Vulnerability from cvelistv5 – Published: 2022-08-26 15:25 – Updated: 2024-08-03 17:16
VLAI
EPSS
VEX
Summary
A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.
Severity
No CVSS data available.
CWE
- CWE-369 - - Divide By Zero
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugs.ghostscript.com/show_bug.cgi?id=704834 | x_refsource_MISC |
| https://github.com/ArtifexSoftware/mupdf/commit/2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=704834"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mupdf",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v1.20.0-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 - Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T15:25:43.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=704834"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-4216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mupdf",
"version": {
"version_data": [
{
"version_value": "Fixed in v1.20.0-rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369 - Divide By Zero"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=704834",
"refsource": "MISC",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=704834"
},
{
"name": "https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf",
"refsource": "MISC",
"url": "https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4216",
"datePublished": "2022-08-26T15:25:43.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:16:04.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3941 (GCVE-0-2021-3941)
Vulnerability from cvelistv5 – Published: 2022-03-25 00:00 – Updated: 2024-08-03 17:09
VLAI
EPSS
VEX
Summary
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
Severity
No CVSS data available.
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2019789 | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://security.gentoo.org/glsa/202210-31 | vendor-advisory |
| https://www.debian.org/security/2022/dsa-5299 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019789"
},
{
"name": "FEDORA-2022-18e14f460c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/"
},
{
"name": "GLSA-202210-31",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-31"
},
{
"name": "DSA-5299",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5299"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openexr",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OpenEXR 3.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019789"
},
{
"name": "FEDORA-2022-18e14f460c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN/"
},
{
"name": "GLSA-202210-31",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-31"
},
{
"name": "DSA-5299",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5299"
},
{
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3941",
"datePublished": "2022-03-25T00:00:00.000Z",
"dateReserved": "2021-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3432 (GCVE-0-2021-3432)
Vulnerability from cvelistv5 – Published: 2022-06-28 19:45 – Updated: 2024-09-17 00:21
VLAI
EPSS
VEX
Title
BT: Invalid interval in CONNECT_IND leads to Division by Zero
Summary
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4
Severity
4.3 (Medium)
CWE
- CWE-369 - Divide By Zero (CWE-369)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://github.com/zephyrproject-rtos/zephyr/secur… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| zephyrproject-rtos | zephyr |
Affected:
v1.14.0 , < unspecified
(custom)
Affected: v2.5.0 , < unspecified (custom) |
Date Public
2021-06-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.14.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions \u003e= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "Divide By Zero (CWE-369)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T19:45:28.000Z",
"orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"shortName": "zephyr"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
],
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
]
},
"title": "BT: Invalid interval in CONNECT_IND leads to Division by Zero",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilities@zephyrproject.org",
"DATE_PUBLIC": "2021-06-21T00:00:00.000Z",
"ID": "CVE-2021-3432",
"STATE": "PUBLIC",
"TITLE": "BT: Invalid interval in CONNECT_IND leads to Division by Zero"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zephyr",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.14.0"
},
{
"version_affected": "\u003e=",
"version_value": "v2.5.0"
}
]
}
}
]
},
"vendor_name": "zephyrproject-rtos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions \u003e= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MODERATE",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Divide By Zero (CWE-369)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4",
"refsource": "MISC",
"url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
}
]
},
"source": {
"defect": [
"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
"assignerShortName": "zephyr",
"cveId": "CVE-2021-3432",
"datePublished": "2022-06-28T19:45:28.514Z",
"dateReserved": "2021-03-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:21:58.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27790 (GCVE-0-2020-27790)
Vulnerability from cvelistv5 – Published: 2022-08-18 18:57 – Updated: 2024-08-04 16:25
VLAI
EPSS
VEX
Summary
A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.
Severity
No CVSS data available.
CWE
- CWE-369 - - Divide By Zero
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/upx/upx/issues/331 | x_refsource_MISC |
| https://github.com/upx/upx/commit/eb90eab6325d009… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:42.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/upx/upx/issues/331"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "upx",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v3.96."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 - Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T18:57:21.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/upx/upx/issues/331"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-27790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "upx",
"version": {
"version_data": [
{
"version_value": "Fixed in v3.96."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369 - Divide By Zero"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/upx/upx/issues/331",
"refsource": "MISC",
"url": "https://github.com/upx/upx/issues/331"
},
{
"name": "https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26",
"refsource": "MISC",
"url": "https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27790",
"datePublished": "2022-08-18T18:57:21.000Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:25:42.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27773 (GCVE-0-2020-27773)
Vulnerability from cvelistv5 – Published: 2020-12-04 00:00 – Updated: 2024-08-04 16:25
VLAI
EPSS
VEX
Summary
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Severity
No CVSS data available.
CWE
- CWE-369 - (CWE-369|CWE-190)
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ImageMagick |
Affected:
ImageMagick 7.0.9-0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:42.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898295"
},
{
"name": "[debian-lts-announce] 20210112 [SECURITY] [DLA 2523-1] imagemagick security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"
},
{
"name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ImageMagick",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ImageMagick 7.0.9-0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "(CWE-369|CWE-190)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-11T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898295"
},
{
"name": "[debian-lts-announce] 20210112 [SECURITY] [DLA 2523-1] imagemagick security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"
},
{
"name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27773",
"datePublished": "2020-12-04T00:00:00.000Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:25:42.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27765 (GCVE-0-2020-27765)
Vulnerability from cvelistv5 – Published: 2020-12-04 00:00 – Updated: 2024-08-04 16:18
VLAI
EPSS
VEX
Summary
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ImageMagick |
Affected:
ImageMagick 7.0.9-0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894684"
},
{
"name": "[debian-lts-announce] 20210112 [SECURITY] [DLA 2523-1] imagemagick security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"
},
{
"name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ImageMagick",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ImageMagick 7.0.9-0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-11T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894684"
},
{
"name": "[debian-lts-announce] 20210112 [SECURITY] [DLA 2523-1] imagemagick security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"
},
{
"name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27765",
"datePublished": "2020-12-04T00:00:00.000Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:18:45.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.