CWE-369
AllowedDivide By Zero
Abstraction: Base · Status: Draft
The product divides a value by zero.
577 vulnerabilities reference this CWE, most recent first.
GHSA-332H-MHJM-X7JM
Vulnerability from github – Published: 2025-05-14 18:30 – Updated: 2025-05-14 18:30Divide By Zero vulnerability in davisking dlib allows
remote attackers to cause a denial of service via a crafted file.
.This issue affects dlib: before <19.24.7.
{
"affected": [],
"aliases": [
"CVE-2025-4637"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-14T18:15:33Z",
"severity": "HIGH"
},
"details": "Divide By Zero vulnerability in davisking dlib allows \n\nremote attackers to cause a denial of service via a crafted file.\n\n.This issue affects dlib: before \u003c19.24.7.",
"id": "GHSA-332h-mhjm-x7jm",
"modified": "2025-05-14T18:30:51Z",
"published": "2025-05-14T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4637"
},
{
"type": "WEB",
"url": "https://github.com/davisking/dlib/pull/3058"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-33F7-6FM9-7M6P
Vulnerability from github – Published: 2026-05-01 15:30 – Updated: 2026-05-11 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode
Stop adjusting the horizontal timing values based on the compression ratio in command mode. Bspec seems to be telling us to do this only in video mode, and this is also how the Windows driver does things.
This should also fix a div-by-zero on some machines because the adjusted htotal ends up being so small that we end up with line_time_us==0 when trying to determine the vtotal value in command mode.
Note that this doesn't actually make the display on the Huawei Matebook E work, but at least the kernel no longer explodes when the driver loads.
(cherry picked from commit 0b475e91ecc2313207196c6d7fd5c53e1a878525)
{
"affected": [],
"aliases": [
"CVE-2026-31767"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-01T15:16:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/dsi: Don\u0027t do DSC horizontal timing adjustments in command mode\n\nStop adjusting the horizontal timing values based on the\ncompression ratio in command mode. Bspec seems to be telling\nus to do this only in video mode, and this is also how the\nWindows driver does things.\n\nThis should also fix a div-by-zero on some machines because\nthe adjusted htotal ends up being so small that we end up with\nline_time_us==0 when trying to determine the vtotal value in\ncommand mode.\n\nNote that this doesn\u0027t actually make the display on the\nHuawei Matebook E work, but at least the kernel no longer\nexplodes when the driver loads.\n\n(cherry picked from commit 0b475e91ecc2313207196c6d7fd5c53e1a878525)",
"id": "GHSA-33f7-6fm9-7m6p",
"modified": "2026-05-11T18:31:35Z",
"published": "2026-05-01T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31767"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/33b5336e4fd8ba0e40a12989cadb3f5534a0f9e4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4dfce79e098915d8e5fc2b9e1d980bc3251dd32c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/55efe8402f46af8399c8b634a18b130a05fd7820"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/86e926b108880c0109b8635e459450447156aeb7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-33VQ-FRR6-W8MJ
Vulnerability from github – Published: 2026-06-25 15:32 – Updated: 2026-06-25 21:31In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.
{
"affected": [],
"aliases": [
"CVE-2026-47152"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T14:16:41Z",
"severity": "HIGH"
},
"details": "In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.",
"id": "GHSA-33vq-frr6-w8mj",
"modified": "2026-06-25T21:31:29Z",
"published": "2026-06-25T15:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47152"
},
{
"type": "WEB",
"url": "https://github.com/SiliconLabsSoftware/sisdk-release"
},
{
"type": "WEB",
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-34G4-3JRW-9QGP
Vulnerability from github – Published: 2024-05-01 03:30 – Updated: 2024-12-04 18:32lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Exception) at blend_transformed_tiled_argb.isra.0.
{
"affected": [],
"aliases": [
"CVE-2024-33766"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T03:15:07Z",
"severity": "MODERATE"
},
"details": "lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Exception) at blend_transformed_tiled_argb.isra.0.",
"id": "GHSA-34g4-3jrw-9qgp",
"modified": "2024-12-04T18:32:34Z",
"published": "2024-05-01T03:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33766"
},
{
"type": "WEB",
"url": "https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-354W-X6PJ-669W
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-15 21:31In the Linux kernel, the following vulnerability has been resolved:
iio: proximity: hx9023s: Protect against division by zero in set_samp_freq
Avoid division by zero when sampling frequency is unspecified.
{
"affected": [],
"aliases": [
"CVE-2026-43354"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T15:16:46Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: proximity: hx9023s: Protect against division by zero in set_samp_freq\n\nAvoid division by zero when sampling frequency is unspecified.",
"id": "GHSA-354w-x6pj-669w",
"modified": "2026-05-15T21:31:31Z",
"published": "2026-05-08T15:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43354"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/451ec5e67444f8460f9706a1bde146b5bbc86ce6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/739fdfe65678d8e5dcf59496c56b32ab3ba3dbaa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a318cfc0853706f1d6ce682dba660bc455d674ef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ad9da7d39cecd3e92f54149ea0ebca390f33fe69"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-383J-F5VG-3HCM
Vulnerability from github – Published: 2024-10-21 12:30 – Updated: 2024-10-23 21:30In the Linux kernel, the following vulnerability has been resolved:
ext4: check stripe size compatibility on remount as well
We disable stripe size in __ext4_fill_super if it is not a multiple of the cluster ratio however this check is missed when trying to remount. This can leave us with cases where stripe < cluster_ratio after remount:set making EXT4_B2C(sbi->s_stripe) become 0 that can cause some unforeseen bugs like divide by 0.
Fix that by adding the check in remount path as well.
{
"affected": [],
"aliases": [
"CVE-2024-47700"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T12:15:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: check stripe size compatibility on remount as well\n\nWe disable stripe size in __ext4_fill_super if it is not a multiple of\nthe cluster ratio however this check is missed when trying to remount.\nThis can leave us with cases where stripe \u003c cluster_ratio after\nremount:set making EXT4_B2C(sbi-\u003es_stripe) become 0 that can cause some\nunforeseen bugs like divide by 0.\n\nFix that by adding the check in remount path as well.",
"id": "GHSA-383j-f5vg-3hcm",
"modified": "2024-10-23T21:30:28Z",
"published": "2024-10-21T12:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47700"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/297615e992bbb30a55c158141086be6505d5d722"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a31b712f75445d52fc0451dc54fd7b16a552cb7c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ee85e0938aa8f9846d21e4d302c3cf6a2a75110d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/faeff8b1ee2eaa5969c8e994d66c3337298cefed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3CF4-3GWV-8JWP
Vulnerability from github – Published: 2024-07-30 09:31 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"
Patch series "mm: Avoid possible overflows in dirty throttling".
Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details).
This patch (of 2):
This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.
The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot.
{
"affected": [],
"aliases": [
"CVE-2024-42102"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-30T08:15:02Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"\n\nPatch series \"mm: Avoid possible overflows in dirty throttling\".\n\nDirty throttling logic assumes dirty limits in page units fit into\n32-bits. This patch series makes sure this is true (see patch 2/2 for\nmore details).\n\n\nThis patch (of 2):\n\nThis reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.\n\nThe commit is broken in several ways. Firstly, the removed (u64) cast\nfrom the multiplication will introduce a multiplication overflow on 32-bit\narchs if wb_thresh * bg_thresh \u003e= 1\u003c\u003c32 (which is actually common - the\ndefault settings with 4GB of RAM will trigger this). Secondly, the\ndiv64_u64() is unnecessarily expensive on 32-bit archs. We have\ndiv64_ul() in case we want to be safe \u0026 cheap. Thirdly, if dirty\nthresholds are larger than 1\u003c\u003c32 pages, then dirty balancing is going to\nblow up in many other spectacular ways anyway so trying to fix one\npossible overflow is just moot.",
"id": "GHSA-3cf4-3gwv-8jwp",
"modified": "2025-11-04T00:31:05Z",
"published": "2024-07-30T09:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42102"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3F7X-CMP2-M6M3
Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-23 00:03An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero.
{
"affected": [],
"aliases": [
"CVE-2021-44500"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-15T18:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero.",
"id": "GHSA-3f7x-cmp2-m6m3",
"modified": "2022-04-23T00:03:14Z",
"published": "2022-04-16T00:00:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44500"
},
{
"type": "WEB",
"url": "https://gitlab.com/YottaDB/DB/YDB/-/issues/828"
},
{
"type": "WEB",
"url": "https://sourceforge.net/projects/fis-gtm/files"
},
{
"type": "WEB",
"url": "http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3FFH-QHC3-7R9V
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
{
"affected": [],
"aliases": [
"CVE-2021-20311"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-11T23:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.",
"id": "GHSA-3ffh-qhc3-7r9v",
"modified": "2022-05-24T19:02:17Z",
"published": "2022-05-24T19:02:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20311"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946739"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3FXQ-CWJ2-M4X3
Vulnerability from github – Published: 2026-03-04 18:31 – Updated: 2026-03-04 18:31Multiple Cisco products are affected by a vulnerability in the Snort 3 Visual Basic for Applications (VBA) feature which could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to lack of proper error checking when decompressing VBA data. An attacker could exploit this vulnerability by sending a crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause the Snort 3 Detection Engine to unexpectedly restart causing a a denial of service (DoS) condition.
{
"affected": [],
"aliases": [
"CVE-2026-20057"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T18:16:20Z",
"severity": "MODERATE"
},
"details": "Multiple Cisco products are affected by a vulnerability in the Snort 3 Visual Basic for Applications (VBA) feature which could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash.\u0026nbsp;\n\u0026nbsp;\nThis vulnerability is due to lack of proper error checking when decompressing VBA data. An attacker could exploit this vulnerability by sending a crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause the Snort 3 Detection Engine to unexpectedly restart causing a a denial of service (DoS) condition.",
"id": "GHSA-3fxq-cwj2-m4x3",
"modified": "2026-03-04T18:31:55Z",
"published": "2026-03-04T18:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20057"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-vbavuls-96UcVVed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.