Common Weakness Enumeration

CWE-369

Allowed

Divide By Zero

Abstraction: Base · Status: Draft

The product divides a value by zero.

579 vulnerabilities reference this CWE, most recent first.

GHSA-M9M9-CM93-P2R4

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13
VLAI
Details

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-10018"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-25T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.",
  "id": "GHSA-m9m9-cm93-p2r4",
  "modified": "2022-05-13T01:13:47Z",
  "published": "2022-05-13T01:13:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10018"
    },
    {
      "type": "WEB",
      "url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41276"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4042-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MCVP-7WV4-CG3W

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44
VLAI
Details

A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a divide by zero operation could occur and cause the application to terminate unexpectedly and must be restarted to restore the service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25675"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-15T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a divide by zero operation could occur and cause the application to terminate unexpectedly and must be restarted to restore the service.",
  "id": "GHSA-mcvp-7wv4-cg3w",
  "modified": "2022-05-24T17:44:34Z",
  "published": "2022-05-24T17:44:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25675"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256092.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MF33-8PGP-Q5FX

Vulnerability from github – Published: 2022-03-16 00:00 – Updated: 2022-03-23 00:00
VLAI
Details

Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42390"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-14T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Divide-by-zero in Clickhouse\u0027s DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.",
  "id": "GHSA-mf33-8pgp-q5fx",
  "modified": "2022-03-23T00:00:46Z",
  "published": "2022-03-16T00:00:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42390"
    },
    {
      "type": "WEB",
      "url": "https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MF62-GM5R-38WJ

Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2025-11-03 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Initialize denominators' default to 1

[WHAT & HOW] Variables used as denominators and maybe not assigned to other values, should not be 0. Change their default to 1 so they are never 0.

This fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49899"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Initialize denominators\u0027 default to 1\n\n[WHAT \u0026 HOW]\nVariables used as denominators and maybe not assigned to other values,\nshould not be 0. Change their default to 1 so they are never 0.\n\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.",
  "id": "GHSA-mf62-gm5r-38wj",
  "modified": "2025-11-03T21:31:22Z",
  "published": "2024-10-21T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49899"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7f8e93b862aba08d540f1e9e03e0ceb4d0cfd5fb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9be768f08b16f020da376538b08463ac3a2ce8cd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9f35cec5e4b9759b38c663d18eae4eaf30f36527"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b995c0a6de6c74656a0c39cd57a0626351b13e3c"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MG8F-GMVX-PVJJ

Vulnerability from github – Published: 2025-01-11 15:30 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()

drm_mode_vrefresh() is trying to avoid divide by zero by checking whether htotal or vtotal are zero. But we may still end up with a div-by-zero of vtotalhtotal...

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56369"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-11T13:15:28Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/modes: Avoid divide by zero harder in drm_mode_vrefresh()\n\ndrm_mode_vrefresh() is trying to avoid divide by zero\nby checking whether htotal or vtotal are zero. But we may\nstill end up with a div-by-zero of vtotal*htotal*...",
  "id": "GHSA-mg8f-gmvx-pvjj",
  "modified": "2025-11-03T21:32:07Z",
  "published": "2025-01-11T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56369"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/47c8b6cf1d08f0ad40d7ea7b025442e51b35ee1f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/69fbb01e891701e6d04db1ddb5ad49e42c4dd963"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9398332f23fab10c5ec57c168b44e72997d6318e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b39de5a71bac5641d0fda33d1cf5682d82cf1ae5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7c7b48a0fc5ed83baae400a1b15e33978c25d7f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MGJX-CG3Q-7VJW

Vulnerability from github – Published: 2026-04-13 15:31 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()

m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. m1=4000000000), the result can reach 2^32. rtsc_min() stores the difference of two such u64 values in a u32 variable dsm and uses it as a divisor. When the difference is exactly 2^32 the truncation yields zero, causing a divide-by-zero oops in the concave-curve intersection path:

Oops: divide error: 0000 RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601) Call Trace: init_ed (net/sched/sch_hfsc.c:629) hfsc_enqueue (net/sched/sch_hfsc.c:1569) [...]

Widen dsm to u64 and replace do_div() with div64_u64() so the full difference is preserved.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-13T14:16:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_hfsc: fix divide-by-zero in rtsc_min()\n\nm2sm() converts a u32 slope to a u64 scaled value.  For large inputs\n(e.g. m1=4000000000), the result can reach 2^32.  rtsc_min() stores\nthe difference of two such u64 values in a u32 variable `dsm` and\nuses it as a divisor.  When the difference is exactly 2^32 the\ntruncation yields zero, causing a divide-by-zero oops in the\nconcave-curve intersection path:\n\n  Oops: divide error: 0000\n  RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601)\n  Call Trace:\n   init_ed (net/sched/sch_hfsc.c:629)\n   hfsc_enqueue (net/sched/sch_hfsc.c:1569)\n   [...]\n\nWiden `dsm` to u64 and replace do_div() with div64_u64() so the full\ndifference is preserved.",
  "id": "GHSA-mgjx-cg3q-7vjw",
  "modified": "2026-07-14T15:31:51Z",
  "published": "2026-04-13T15:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31423"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/17c1b9807b8a67d676b6dcf749ee932ebaa7f568"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/25b6821884713a31e2b49fb67b0ebd765b33e0a9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4576100b8cd03118267513cafacde164b498b322"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab1ff5890c7354afc7be56502fcfbd61f3b7ae4f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ad8e8fec40290a8c8cf145c0deaadf76f80c5163"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b9e6431cbea8bb1fae8069ed099b4ee100499835"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c56f78614e7781aaceca9bd3cb2128bf7d45c3bd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d0aefec1b1a1ba2c1d251028dc2c4e5b4ce1fea5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MJ8F-265F-RV38

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31
VLAI
Details

Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-25169"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T18:18:30Z",
    "severity": "MODERATE"
  },
  "details": "Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.",
  "id": "GHSA-mj8f-265f-rv38",
  "modified": "2026-03-10T18:31:20Z",
  "published": "2026-03-10T18:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25169"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25169"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MJV8-7JX2-FJMQ

Vulnerability from github – Published: 2022-05-14 01:55 – Updated: 2022-05-14 01:55
VLAI
Details

A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17434"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-24T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
  "id": "GHSA-mjv8-7jx2-fjmq",
  "modified": "2022-05-14T01:55:57Z",
  "published": "2022-05-14T01:55:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17434"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MP45-F49C-FG56

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:47
VLAI
Details

An issue was discovered in Bitdefender Engines before 7.76662. A vulnerability has been discovered in the iso.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a division-by-zero circumstance. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-18058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-24T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Bitdefender Engines before 7.76662. A vulnerability has been discovered in the iso.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a division-by-zero circumstance. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.",
  "id": "GHSA-mp45-f49c-fg56",
  "modified": "2024-04-04T00:47:21Z",
  "published": "2022-05-24T16:46:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18058"
    },
    {
      "type": "WEB",
      "url": "https://www.bitdefender.com"
    },
    {
      "type": "WEB",
      "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-iso-xmd-iso-parsing-bounds-read-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQ6F-3MW5-JG7G

Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2023-02-27 18:32
VLAI
Details

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-26T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).",
  "id": "GHSA-mq6f-3mw5-jg7g",
  "modified": "2023-02-27T18:32:03Z",
  "published": "2022-05-24T16:48:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20845"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108921"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.