CWE-369
AllowedDivide By Zero
Abstraction: Base · Status: Draft
The product divides a value by zero.
579 vulnerabilities reference this CWE, most recent first.
GHSA-9GG3-M428-P884
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2023-03-12 00:30A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
{
"affected": [],
"aliases": [
"CVE-2020-27765"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-04T15:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.",
"id": "GHSA-9gg3-m428-p884",
"modified": "2023-03-12T00:30:16Z",
"published": "2022-05-24T17:35:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27765"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894684"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9MH7-QWWJ-X8QJ
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.
{
"affected": [],
"aliases": [
"CVE-2016-9112"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-10-29T10:59:00Z",
"severity": "HIGH"
},
"details": "Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.",
"id": "GHSA-9mh7-qwwj-x8qj",
"modified": "2022-05-13T01:16:23Z",
"published": "2022-05-13T01:16:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9112"
},
{
"type": "WEB",
"url": "https://github.com/uclouvain/openjpeg/issues/855"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93978"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9MHR-6WXF-G8F3
Vulnerability from github – Published: 2022-05-17 01:17 – Updated: 2025-04-12 13:03epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
{
"affected": [],
"aliases": [
"CVE-2016-6505"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-08-06T23:59:00Z",
"severity": "MODERATE"
},
"details": "epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.",
"id": "GHSA-9mhr-6wxf-g8f3",
"modified": "2025-04-12T13:03:15Z",
"published": "2022-05-17T01:17:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6505"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=94e97e45cf614c7bb8fe90c23df52910246b2c95"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94e97e45cf614c7bb8fe90c23df52910246b2c95"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/40197"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2016/07/28/3"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3648"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92163"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036480"
},
{
"type": "WEB",
"url": "http://www.wireshark.org/security/wnpa-sec-2016-41.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9MWP-3938-CJ9R
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 18:31In the Linux kernel, the following vulnerability has been resolved:
video: fbdev: i740fb: Check the argument of i740_calc_vclk()
Since the user can control the arguments of the ioctl() from the user space, under special arguments that may result in a divide-by-zero bug.
If the user provides an improper 'pixclock' value that makes the argumet of i740_calc_vclk() less than 'I740_RFREQ_FIX', it will cause a divide-by-zero bug in: drivers/video/fbdev/i740fb.c:353 p_best = min(15, ilog2(I740_MAX_VCO_FREQ / (freq / I740_RFREQ_FIX)));
The following log can reveal it:
divide error: 0000 [#1] PREEMPT SMP KASAN PTI RIP: 0010:i740_calc_vclk drivers/video/fbdev/i740fb.c:353 [inline] RIP: 0010:i740fb_decode_var drivers/video/fbdev/i740fb.c:646 [inline] RIP: 0010:i740fb_set_par+0x163f/0x3b70 drivers/video/fbdev/i740fb.c:742 Call Trace: fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189
Fix this by checking the argument of i740_calc_vclk() first.
{
"affected": [],
"aliases": [
"CVE-2022-50010"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: i740fb: Check the argument of i740_calc_vclk()\n\nSince the user can control the arguments of the ioctl() from the user\nspace, under special arguments that may result in a divide-by-zero bug.\n\nIf the user provides an improper \u0027pixclock\u0027 value that makes the argumet\nof i740_calc_vclk() less than \u0027I740_RFREQ_FIX\u0027, it will cause a\ndivide-by-zero bug in:\n drivers/video/fbdev/i740fb.c:353 p_best = min(15, ilog2(I740_MAX_VCO_FREQ / (freq / I740_RFREQ_FIX)));\n\nThe following log can reveal it:\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN PTI\nRIP: 0010:i740_calc_vclk drivers/video/fbdev/i740fb.c:353 [inline]\nRIP: 0010:i740fb_decode_var drivers/video/fbdev/i740fb.c:646 [inline]\nRIP: 0010:i740fb_set_par+0x163f/0x3b70 drivers/video/fbdev/i740fb.c:742\nCall Trace:\n fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189\n\nFix this by checking the argument of i740_calc_vclk() first.",
"id": "GHSA-9mwp-3938-cj9r",
"modified": "2025-11-14T18:31:25Z",
"published": "2025-06-18T12:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50010"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2b7f559152a33c55f51b569b22efbe5e24886798"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/40bf722f8064f50200b8c4f8946cd625b441dda9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b20c61365140d432dee7da7aa294215e7b900d9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/59cefb583c984c0da8cf21a4c57d26d5a20dff5c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/656689cb03ada4650016c153346939a1c334b1ae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d2d375eb68b4b8de6ea7460483a26fa9de56b443"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e740e787f06671455b59d1e498c9945f7b4e7b3b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f350812e2d15278f1d867eeb997407782234fb3c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9Q2X-2Q4W-WFFW
Vulnerability from github – Published: 2022-07-01 00:01 – Updated: 2023-01-21 03:30Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
{
"affected": [],
"aliases": [
"CVE-2022-2056"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-30T16:15:00Z",
"severity": "MODERATE"
},
"details": "Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.",
"id": "GHSA-9q2x-2q4w-wffw",
"modified": "2023-01-21T03:30:28Z",
"published": "2022-07-01T00:01:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2056"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/415"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220826-0001"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5333"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9Q64-VQCR-HW99
Vulnerability from github – Published: 2022-05-01 18:11 – Updated: 2024-02-02 03:30The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error.
{
"affected": [],
"aliases": [
"CVE-2007-3268"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2007-07-18T23:30:00Z",
"severity": "MODERATE"
},
"details": "The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error.",
"id": "GHSA-9q64-vqcr-hw99",
"modified": "2024-02-02T03:30:31Z",
"published": "2022-05-01T18:11:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3268"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35468"
},
{
"type": "WEB",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=560"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/26093"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1018401"
},
{
"type": "WEB",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24016347"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/24942"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/2560"
},
{
"type": "WEB",
"url": "http://www3.software.ibm.com/ibmdl/pub/software/tivoli_support/patches/patches_5.1.0/5.1.0-TIV-TPMOSD-FP0003/5.1.0-TIV-TPMOSD-FP0003.README.HTM"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9R4H-7XV2-84WF
Vulnerability from github – Published: 2023-08-07 15:30 – Updated: 2025-02-13 18:31Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3
{
"affected": [],
"aliases": [
"CVE-2023-3896"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-07T13:15:12Z",
"severity": "HIGH"
},
"details": "Divide By Zero in vim/vim from\u00a09.0.1367-1 to\u00a09.0.1367-3",
"id": "GHSA-9r4h-7xv2-84wf",
"modified": "2025-02-13T18:31:45Z",
"published": "2023-08-07T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3896"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/issues/12528"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/pull/12540"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230831-0012"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9RXJ-WRX5-6463
Vulnerability from github – Published: 2026-01-28 21:31 – Updated: 2026-01-30 00:31A floating point exception (FPE) in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
{
"affected": [],
"aliases": [
"CVE-2025-71006"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-28T21:16:09Z",
"severity": "MODERATE"
},
"details": "A floating point exception (FPE) in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"id": "GHSA-9rxj-wrx5-6463",
"modified": "2026-01-30T00:31:22Z",
"published": "2026-01-28T21:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71006"
},
{
"type": "WEB",
"url": "https://github.com/Oneflow-Inc/oneflow/issues/10653"
},
{
"type": "WEB",
"url": "https://github.com/Daisy2ang"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9V75-P4CG-F8C9
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2023-03-12 00:30In GammaImage() of /MagickCore/enhance.c, depending on the gamma value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the PerceptibleReciprocal() to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.
{
"affected": [],
"aliases": [
"CVE-2020-27760"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-03T17:15:00Z",
"severity": "MODERATE"
},
"details": "In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it\u0027s possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.",
"id": "GHSA-9v75-p4cg-f8c9",
"modified": "2023-03-12T00:30:16Z",
"published": "2022-05-24T17:35:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27760"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894239"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9VPM-RCF4-9WQW
Vulnerability from github – Published: 2021-05-21 14:26 – Updated: 2024-11-01 17:09Impact
The implementation of tf.raw_ops.MaxPoolGradWithArgmax is vulnerable to a division by 0:
import tensorflow as tf
input = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32)
grad = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32)
argmax = tf.constant([], shape=[0], dtype=tf.int64)
ksize = [1, 1, 1, 1]
strides = [1, 1, 1, 1]
tf.raw_ops.MaxPoolGradWithArgmax(
input=input, grad=grad, argmax=argmax, ksize=ksize, strides=strides,
padding='SAME', include_batch_in_index=False)
The implementation fails to validate that the batch dimension of the tensor is non-zero, before dividing by this quantity.
Patches
We have patched the issue in GitHub commit 376c352a37ce5a68b721406dc7e77ac4b6cf483d.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29573"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-18T18:38:17Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nThe implementation of `tf.raw_ops.MaxPoolGradWithArgmax` is vulnerable to a division by 0:\n\n```python\nimport tensorflow as tf\n\ninput = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32)\ngrad = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32)\nargmax = tf.constant([], shape=[0], dtype=tf.int64)\nksize = [1, 1, 1, 1]\nstrides = [1, 1, 1, 1]\n\ntf.raw_ops.MaxPoolGradWithArgmax(\n input=input, grad=grad, argmax=argmax, ksize=ksize, strides=strides,\n padding=\u0027SAME\u0027, include_batch_in_index=False)\n```\n \nThe [implementation](https://github.com/tensorflow/tensorflow/blob/279bab6efa22752a2827621b7edb56a730233bd8/tensorflow/core/kernels/maxpooling_op.cc#L1033-L1034) fails to validate that the batch dimension of the tensor is non-zero, before dividing by this quantity.\n\n### Patches\nWe have patched the issue in GitHub commit [376c352a37ce5a68b721406dc7e77ac4b6cf483d](https://github.com/tensorflow/tensorflow/commit/376c352a37ce5a68b721406dc7e77ac4b6cf483d).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Ying Wang and Yakun Zhang of Baidu X-Team.",
"id": "GHSA-9vpm-rcf4-9wqw",
"modified": "2024-11-01T17:09:55Z",
"published": "2021-05-21T14:26:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vpm-rcf4-9wqw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29573"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/376c352a37ce5a68b721406dc7e77ac4b6cf483d"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-501.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-699.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-210.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Division by 0 in `MaxPoolGradWithArgmax`"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.