Common Weakness Enumeration

CWE-369

Allowed

Divide By Zero

Abstraction: Base · Status: Draft

The product divides a value by zero.

577 vulnerabilities reference this CWE, most recent first.

GHSA-C6CX-89C4-F7WJ

Vulnerability from github – Published: 2025-02-06 06:31 – Updated: 2025-02-06 18:31
VLAI
Details

A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote attacker to cause a denial of service vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57598"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-05T22:15:33Z",
    "severity": "MODERATE"
  },
  "details": "A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote attacker to cause a denial of service vulnerability.",
  "id": "GHSA-c6cx-89c4-f7wj",
  "modified": "2025-02-06T18:31:05Z",
  "published": "2025-02-06T06:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57598"
    },
    {
      "type": "WEB",
      "url": "https://github.com/JWH-96/Bugs-disclosure/blob/main/Bento4_FPE.md"
    },
    {
      "type": "WEB",
      "url": "http://bento4.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C6PH-M8CW-RFQH

Vulnerability from github – Published: 2024-01-03 09:30 – Updated: 2024-11-22 18:15
VLAI
Summary
PaddlePaddle floating point exception in paddle.linalg.eig
Details

FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "paddlepaddle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-38677"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-03T21:51:56Z",
    "nvd_published_at": "2024-01-03T09:15:08Z",
    "severity": "MODERATE"
  },
  "details": "FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n",
  "id": "GHSA-c6ph-m8cw-rfqh",
  "modified": "2024-11-22T18:15:54Z",
  "published": "2024-01-03T09:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38677"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/PaddlePaddle/Paddle"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-009.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-132.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "PaddlePaddle floating point exception in paddle.linalg.eig"
}

GHSA-C75X-6682-HRM4

Vulnerability from github – Published: 2022-05-14 01:43 – Updated: 2022-05-14 01:43
VLAI
Details

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-06T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.",
  "id": "GHSA-c75x-6682-hrm4",
  "modified": "2022-05-14T01:43:18Z",
  "published": "2022-05-14T01:43:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16523"
    },
    {
      "type": "WEB",
      "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details"
    },
    {
      "type": "WEB",
      "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C7X8-XX5V-964J

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-04 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

jfs: add sanity check for agwidth in dbMount

The width in dmapctl of the AG is zero, it trigger a divide error when calculating the control page level in dbAllocAG.

To avoid this issue, add a check for agwidth in dbAllocAG.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37740"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T13:15:52Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add sanity check for agwidth in dbMount\n\nThe width in dmapctl of the AG is zero, it trigger a divide error when\ncalculating the control page level in dbAllocAG.\n\nTo avoid this issue, add a check for agwidth in dbAllocAG.",
  "id": "GHSA-c7x8-xx5v-964j",
  "modified": "2025-11-04T18:31:32Z",
  "published": "2025-05-01T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37740"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/722e72f7f9c69fcb3ab7988c2471feff7a4c8de1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a065cec230aa807c18828a3eee82f1c8592c2adf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a260bf14cd347878f01f70739ba829442a474a16"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a741f29ac8b6374c9904be8b7ac7cdfcd7e7e4fa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c8c96a9e7660e5e5eea445978fe8f2e432d91c1f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc0bc4cb62ce5fa0c383e3bf0765d01f46bd49ac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ccd97c8a4f90810f228ee40d1055148fa146dd57"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ddf2846f22e8575d6b4b6a66f2100f168b8cd73d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e3f85edb03183fb06539e5b50dd2c4bb42b869f0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C968-PQ7H-7FXV

Vulnerability from github – Published: 2021-05-21 14:21 – Updated: 2024-10-30 23:10
VLAI
Summary
Division by 0 in `Conv3DBackprop*`
Details

Impact

The tf.raw_ops.Conv3DBackprop* operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0:

import tensorflow as tf

input_sizes = tf.constant([0, 0, 0, 0, 0], shape=[5], dtype=tf.int32)
filter_tensor = tf.constant([], shape=[0, 0, 0, 1, 0], dtype=tf.float32)
out_backprop = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32)

tf.raw_ops.Conv3DBackpropInputV2(input_sizes=input_sizes, filter=filter_tensor, out_backprop=out_backprop, strides=[1, 1, 1, 1, 1], padding='SAME', data_format='NDHWC', dilations=[1, 1, 1, 1, 1])
import tensorflow as tf

input_sizes = tf.constant([1], shape=[1, 1, 1, 1, 1], dtype=tf.float32)
filter_tensor = tf.constant([0, 0, 0, 1, 0], shape=[5], dtype=tf.int32)
out_backprop = tf.constant([], shape=[1, 1, 1, 1, 0], dtype=tf.float32)

tf.raw_ops.Conv3DBackpropFilterV2(input=input_sizes, filter_sizes=filter_tensor, out_backprop=out_backprop, strides=[1, 1, 1, 1, 1], padding='SAME', data_format='NDHWC', dilations=[1, 1, 1, 1, 1])

This is because the implementation does not check that the divisor used in computing the shard size is not zero:

  const int64 size_A = output_image_size * dims.out_depth;
  const int64 size_B = filter_total_size * dims.out_depth;
  const int64 size_C = output_image_size * filter_total_size;
  const int64 work_unit_size = size_A + size_B + size_C;
  ...
  const size_t shard_size =
      use_parallel_contraction
        ? 1
        : (target_working_set_size + work_unit_size - 1) / work_unit_size;

Thus, if attacker controls the input sizes, they can trigger a denial of service via a division by zero error.

Patches

We have patched the issue in GitHub commit 311403edbc9816df80274bd1ea8b3c0c0f22c3fa.

The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29522"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-18T23:22:10Z",
    "nvd_published_at": "2021-05-14T20:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\nThe `tf.raw_ops.Conv3DBackprop*` operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0:\n\n```python\nimport tensorflow as tf\n\ninput_sizes = tf.constant([0, 0, 0, 0, 0], shape=[5], dtype=tf.int32)\nfilter_tensor = tf.constant([], shape=[0, 0, 0, 1, 0], dtype=tf.float32)\nout_backprop = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32)\n                            \ntf.raw_ops.Conv3DBackpropInputV2(input_sizes=input_sizes, filter=filter_tensor, out_backprop=out_backprop, strides=[1, 1, 1, 1, 1], padding=\u0027SAME\u0027, data_format=\u0027NDHWC\u0027, dilations=[1, 1, 1, 1, 1])\n```\n```python\nimport tensorflow as tf\n\ninput_sizes = tf.constant([1], shape=[1, 1, 1, 1, 1], dtype=tf.float32)\nfilter_tensor = tf.constant([0, 0, 0, 1, 0], shape=[5], dtype=tf.int32)\nout_backprop = tf.constant([], shape=[1, 1, 1, 1, 0], dtype=tf.float32)\n\ntf.raw_ops.Conv3DBackpropFilterV2(input=input_sizes, filter_sizes=filter_tensor, out_backprop=out_backprop, strides=[1, 1, 1, 1, 1], padding=\u0027SAME\u0027, data_format=\u0027NDHWC\u0027, dilations=[1, 1, 1, 1, 1])\n```\n\nThis is because the [implementation](https://github.com/tensorflow/tensorflow/blob/a91bb59769f19146d5a0c20060244378e878f140/tensorflow/core/kernels/conv_grad_ops_3d.cc#L430-L450) does not check that the divisor used in computing the shard size is not zero:\n\n```cc\n  const int64 size_A = output_image_size * dims.out_depth;\n  const int64 size_B = filter_total_size * dims.out_depth;\n  const int64 size_C = output_image_size * filter_total_size;\n  const int64 work_unit_size = size_A + size_B + size_C;\n  ...\n  const size_t shard_size =\n      use_parallel_contraction\n        ? 1\n        : (target_working_set_size + work_unit_size - 1) / work_unit_size;\n```\n\nThus, if attacker controls the input sizes, they can trigger a denial of service via a division by zero error.\n\n### Patches\nWe have patched the issue in GitHub commit [311403edbc9816df80274bd1ea8b3c0c0f22c3fa](https://github.com/tensorflow/tensorflow/commit/311403edbc9816df80274bd1ea8b3c0c0f22c3fa).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.",
  "id": "GHSA-c968-pq7h-7fxv",
  "modified": "2024-10-30T23:10:55Z",
  "published": "2021-05-21T14:21:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c968-pq7h-7fxv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29522"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/311403edbc9816df80274bd1ea8b3c0c0f22c3fa"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-450.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-648.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-159.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Division by 0 in `Conv3DBackprop*`"
}

GHSA-CC62-FFCM-XV9H

Vulnerability from github – Published: 2022-05-14 01:15 – Updated: 2022-05-14 01:15
VLAI
Details

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-10020"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-25T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.",
  "id": "GHSA-cc62-ffcm-xv9h",
  "modified": "2022-05-14T01:15:48Z",
  "published": "2022-05-14T01:15:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10020"
    },
    {
      "type": "WEB",
      "url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CF72-RGJQ-HH5R

Vulnerability from github – Published: 2022-05-02 03:29 – Updated: 2022-05-02 03:29
VLAI
Details

agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-1887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-06-26T18:30:00Z",
    "severity": "MODERATE"
  },
  "details": "agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.",
  "id": "GHSA-cf72-rgjq-hh5r",
  "modified": "2022-05-02T03:29:36Z",
  "published": "2022-05-02T03:29:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1887"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=506903"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8426"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9716"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:156"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1124.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CFPJ-3Q4C-JHVR

Vulnerability from github – Published: 2021-08-25 14:40 – Updated: 2024-11-13 21:15
VLAI
Summary
Division by zero in TFLite
Details

Impact

The implementation of fully connected layers in TFLite is vulnerable to a division by zero error:

const int batch_size = input_size / filter->dims->data[1];

An attacker can craft a model such that filter->dims->data[1] is 0.

Patches

We have patched the issue in GitHub commit 718721986aa137691ee23f03638867151f74935f.

The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360. Concurrently, it has also been reported by Yakun Zhang of Baidu Security.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-37680"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-24T16:24:24Z",
    "nvd_published_at": "2021-08-12T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/fully_connected.cc#L226):\n\n```cc\nconst int batch_size = input_size / filter-\u003edims-\u003edata[1];\n```\n\nAn attacker can craft a model such that `filter-\u003edims-\u003edata[1]` is 0.\n\n### Patches\nWe have patched the issue in GitHub commit [718721986aa137691ee23f03638867151f74935f](https://github.com/tensorflow/tensorflow/commit/718721986aa137691ee23f03638867151f74935f).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360. Concurrently, it has also been reported by Yakun Zhang of Baidu Security.",
  "id": "GHSA-cfpj-3q4c-jhvr",
  "modified": "2024-11-13T21:15:32Z",
  "published": "2021-08-25T14:40:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cfpj-3q4c-jhvr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37680"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/718721986aa137691ee23f03638867151f74935f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-593.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-791.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-302.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/fully_connected.cc#L226"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Division by zero in TFLite"
}

GHSA-CFX7-2XPC-8W4H

Vulnerability from github – Published: 2021-05-21 14:27 – Updated: 2024-10-31 21:23
VLAI
Summary
Division by zero in TFLite's implementation of `BatchToSpaceNd`
Details

Impact

The implementation of the BatchToSpaceNd TFLite operator is vulnerable to a division by zero error:

TF_LITE_ENSURE_EQ(context, output_batch_size % block_shape[dim], 0);
output_batch_size = output_batch_size / block_shape[dim];

An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in block_shape is 0.

Patches

We have patched the issue in GitHub commit 2c74674348a4708ced58ad6eb1b23354df8ee044.

The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29593"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-18T15:44:05Z",
    "nvd_published_at": "2021-05-14T20:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\nThe implementation of the `BatchToSpaceNd` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/b5ed552fe55895aee8bd8b191f744a069957d18d/tensorflow/lite/kernels/batch_to_space_nd.cc#L81-L82):\n\n```cc\nTF_LITE_ENSURE_EQ(context, output_batch_size % block_shape[dim], 0);\noutput_batch_size = output_batch_size / block_shape[dim];\n```\n\nAn attacker can craft a model such that one dimension of the `block` input is 0. Hence, the corresponding value in `block_shape` is 0.\n\n### Patches\nWe have patched the issue in GitHub commit [2c74674348a4708ced58ad6eb1b23354df8ee044](https://github.com/tensorflow/tensorflow/commit/2c74674348a4708ced58ad6eb1b23354df8ee044).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
  "id": "GHSA-cfx7-2xpc-8w4h",
  "modified": "2024-10-31T21:23:54Z",
  "published": "2021-05-21T14:27:01Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cfx7-2xpc-8w4h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29593"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/2c74674348a4708ced58ad6eb1b23354df8ee044"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-521.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-719.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-230.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/b5ed552fe55895aee8bd8b191f744a069957d18d/tensorflow/lite/kernels/batch_to_space_nd.cc#L81-L82"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Division by zero in TFLite\u0027s implementation of `BatchToSpaceNd`"
}

GHSA-CGCG-9VHG-7FQ9

Vulnerability from github – Published: 2022-05-17 00:28 – Updated: 2022-05-17 00:28
VLAI
Details

QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-0142"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-10T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.",
  "id": "GHSA-cgcg-9vhg-7fq9",
  "modified": "2022-05-17T00:28:35Z",
  "published": "2022-05-17T00:28:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0142"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:0420"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:0421"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:0434"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:0435"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:0674"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2014-0142"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078201"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=8e53abbc20d08ae3ec30c2054e1161314ad9501d"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9302e863aa8baa5d932fc078967050c055fa1a7f"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=8e53abbc20d08ae3ec30c2054e1161314ad9501d"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=9302e863aa8baa5d932fc078967050c055fa1a7f"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-3044"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.