CWE-369 (Divide By Zero) — Vulnerability Class 132

132 vulnerabilities classified as CWE-369 (Divide By Zero). AI Chinese analysis included.

CWE-369, Divide By Zero, is a logical weakness where a software product attempts to divide a value by zero, causing a runtime error or application crash. This flaw typically arises when unexpected user input or internal state errors bypass validation checks, particularly in calculations involving physical dimensions like length or width. Exploitation often results in denial of service, as the resulting exception disrupts normal program flow and may expose sensitive stack traces to attackers. To mitigate this risk, developers must implement robust input validation to ensure divisor values are non-zero before arithmetic operations. Additionally, employing defensive programming techniques, such as explicit error handling blocks and boundary checks, allows the application to gracefully manage invalid inputs. By rigorously testing edge cases and enforcing strict data integrity constraints, engineers can prevent these arithmetic anomalies from compromising system stability and security.

MITRE CWE Description
The product divides a value by zero. This weakness typically occurs when an unexpected value is provided to the product, or if an error occurs that is not properly detected. It frequently occurs in calculations involving physical dimensions such as size, length, width, and height.
Common Consequences (1)
Availability · DoS: Crash, Exit, or Restart
A Divide by Zero results in a crash.
Examples (2)
The following Java example contains a function to compute an average but does not validate that the input value used as the denominator is not zero. This will create an exception for attempting to divide by zero. If this error is not handled by Java exception handling, unexpected results can occur.
Bad · Java

    public int computeAverageResponseTime(int totalTime, int numRequests) {
        return totalTime / numRequests;
    }
Good · Java

    public int computeAverageResponseTime(int totalTime, int numRequests) throws ArithmeticException {
        // Reject a zero denominator before dividing.
        if (numRequests == 0) {
            System.out.println("Division by zero attempted!");
            throw new ArithmeticException();
        }
        return totalTime / numRequests;
    }
The following C/C++ example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero. If this error is not caught by the error handling capabilities of the language, unexpected results can occur.
Bad · C

    double divide(double x, double y) {
        return x / y;
    }
Good · C

    #include <iostream>

    const int DivideByZero = 10;

    // Reject a zero divisor before dividing.
    double divide(double x, double y) {
        if (0 == y) {
            throw DivideByZero;
        }
        return x / y;
    }

    // ... caller:
    int main() {
        try {
            divide(10, 0);
        } catch (int i) {
            if (i == DivideByZero) {
                std::cerr << "Divide by zero error";
            }
        }
    }
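The dimension-based case from the CWE description, as an added C example that is not from MITRE or this page: the `img_hdr` layout and both function names are hypothetical. It goes beyond the examples above by also covering a divisor that wraps to zero and the `INT_MIN / -1` quotient, which traps the same way as a zero divisor on x86.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header of an untrusted image file (constructed for this example). */
struct img_hdr {
    uint32_t width;     /* pixels per row */
    uint32_t channels;  /* bytes per pixel */
    uint32_t data_len;  /* payload bytes following the header */
};

/* Number of complete rows in the payload; refuses to divide on a bad stride. */
bool rows_in_payload(const struct img_hdr *h, uint32_t *rows_out)
{
    if (h->width == 0 || h->channels == 0)
        return false;
    /* 65536 * 65536 wraps to 0 in 32 bits, so two non-zero fields can
     * still produce a zero divisor: bound the product before using it. */
    if (h->width > UINT32_MAX / h->channels)
        return false;
    *rows_out = h->data_len / (h->width * h->channels);
    return true;
}

/* Signed integer division faults on a zero divisor and on INT_MIN / -1,
 * whose quotient is not representable (undefined behaviour in C). */
bool checked_div(int num, int den, int *out)
{
    if (den == 0 || (num == INT_MIN && den == -1))
        return false;
    *out = num / den;
    return true;
}

int main(void)
{
    struct img_hdr wrap = {65536u, 65536u, 120u}; /* constructed input */
    uint32_t rows = 0;
    int q = 0;
    printf("wrapped stride accepted: %d\n", rows_in_payload(&wrap, &rows));
    printf("INT_MIN / -1 accepted: %d\n", checked_div(INT_MIN, -1, &q));
    return 0;
}
```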
CVE ID | Title | CVSS | Severity | Published
CVE-2023-52308 | FPE in paddle.amin — PaddlePaddle | 4.7 | Medium | 2024-01-03
CVE-2023-52306 | FPE in paddle.lerp — PaddlePaddle | 4.7 | Medium | 2024-01-03
CVE-2023-52305 | FPE in paddle.topk — PaddlePaddle | 4.7 | Medium | 2024-01-03
CVE-2023-38677 | FPE in paddle.linalg.eig — PaddlePaddle | 4.7 | Medium | 2024-01-03
CVE-2023-38675 | FPE in paddle.linalg.matrix_rank — PaddlePaddle | 4.7 | Medium | 2024-01-03
CVE-2023-38674 | FPE in paddle.nanmedian — PaddlePaddle | 4.7 | Medium | 2024-01-03
CVE-2023-46849 | OpenVPN security vulnerability — OpenVPN 2 (Community) | 7.5 | - | 2023-11-11
CVE-2023-4678 | Divide By Zero in gpac/gpac — gpac/gpac | 7.1 | - | 2023-08-31
CVE-2023-2906 | Wireshark CP2179 divide by zero — Wireshark | 7.5 | - | 2023-08-25
CVE-2023-3896 | A divide by zero issue existed in vim of OpenCloudOS Stream — OpenCloudOS Stream | 7.8 | High | 2023-08-07
CVE-2023-38672 | FPE in paddle.linalg.matrix_power — PaddlePaddle | 4.7 | Medium | 2023-07-26
CVE-2021-32494 | Radare2 numeric error vulnerability — radare2 | 10.0 | Critical | 2023-07-07
CVE-2023-3044 | Divide-by-zero in Xpdf 4.04 due to very large page size — Xpdf | 3.3 | Low | 2023-06-02
CVE-2023-2839 | Divide By Zero in gpac/gpac — gpac/gpac | 7.1 | - | 2023-05-22
CVE-2023-2662 | Divide-by-zero in Xpdf 4.04 due to bad color space object — Xpdf | 2.9 | Low | 2023-05-11
CVE-2023-25511 | NVIDIA CUDA Toolkit numeric error vulnerability — NVIDIA CUDA Toolkit | 3.3 | Low | 2023-04-22
CVE-2023-1127 | Divide By Zero in vim/vim — vim/vim | 7.8 | - | 2023-03-01
CVE-2023-0512 | Divide By Zero in vim/vim — vim/vim | 7.8 | - | 2023-01-26
CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability — 3D Builder | 7.8 | High | 2023-01-10
CVE-2022-41287 | Numeric error vulnerability in some Siemens products — JT2Go | 3.3 | Low | 2022-12-13
CVE-2022-35996 | Floating point exception in `Conv2D` in TensorFlow — tensorflow | 5.9 | Medium | 2022-09-16
CVE-2022-3061 | Linux kernel numeric error vulnerability — Kernel | 5.5 | - | 2022-09-01
CVE-2021-4216 | Artifex Software MuPDF numeric error vulnerability — mupdf | 5.0 | - | 2022-08-26
CVE-2021-23210 | SoX numeric error vulnerability — SoX (Sound eXchange) | 5.5 | - | 2022-08-25
CVE-2021-33844 | SoX numeric error vulnerability — SoX (Sound eXchange) | 5.5 | - | 2022-08-25
CVE-2020-27790 | UPX numeric error vulnerability — upx | 5.5 | - | 2022-08-18
CVE-2021-3432 | BT: Invalid interval in CONNECT_IND leads to Division by Zero — zephyr | 4.3 | Medium | 2022-06-28
CVE-2021-33654 | Huawei MindSpore Community numeric error vulnerability — openEuler:mindspore | 7.5 | - | 2022-06-27
CVE-2021-33653 | Huawei MindSpore Community numeric error vulnerability — openEuler:mindspore | 7.5 | - | 2022-06-27
CVE-2021-33651 | Huawei MindSpore Community numeric error vulnerability — openEuler:mindspore | 7.5 | - | 2022-06-27

Vulnerabilities classified as CWE-369 (Divide By Zero) represent 132 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.