Divide By Zero

ID: 369
Date: (C)2012-05-14   (M)2017-11-15
Type: weakness
Status: DRAFT
Abstraction Type: Base





Description

The product divides a value by zero.

Extended Description

This weakness typically occurs when an unexpected value is provided to the product, or if an error occurs that is not properly detected. It frequently occurs in calculations involving physical dimensions such as size, length, width, and height.

Likelihood of Exploit: Medium

Applicable Platforms
None

Time Of Introduction

  • Implementation

Common Consequences

Scope | Technical Impact | Notes
Availability | DoS: crash / exit / restart | A Divide by Zero results in a crash.

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE | Type | View | Chain
CWE-369 ChildOf CWE-885 | Category | CWE-888 |

Demonstrative Examples

  1. The following C# example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero. If this error is not caught by the error handling capabilities of the language, unexpected results can occur.
  2. The following C/C++ example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero. If this error is not caught by the error handling capabilities of the language, unexpected results can occur.
  3. The following Java example contains a function to compute an average but does not validate that the input value used as the denominator is not zero. This will create an exception for attempting to divide by zero. If this error is not handled by Java exception handling, unexpected results can occur.
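
The pattern these examples describe, as an added C example (not code from the original page or from CWE): an unchecked division by an input-derived height beside a checked form. The `img_hdr` struct, the function names and the sample values are assumptions constructed for illustration; `safe_div` also rejects `INT_MIN / -1`, a related undefined division that goes beyond the divide-by-zero case in the text.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical image header, constructed for this example. */
struct img_hdr { int width; int height; int total_bytes; };

/* Unchecked: height comes from input; height == 0 is undefined behaviour
 * in C (typically SIGFPE on x86 Linux). Shown for contrast, never called. */
int bytes_per_row_unchecked(const struct img_hdr *h)
{
    return h->total_bytes / h->height;
}

/* Checked division: 0 on success, -1 when the quotient is undefined. */
int safe_div(int num, int den, int *out)
{
    if (den == 0)
        return -1;                 /* divide by zero */
    if (num == INT_MIN && den == -1)
        return -1;                 /* quotient does not fit in int */
    *out = num / den;
    return 0;
}

/* Hardened: reject impossible dimensions, then divide through safe_div. */
int bytes_per_row_checked(const struct img_hdr *h, int *out)
{
    if (h->width <= 0 || h->height <= 0 || h->total_bytes < 0)
        return -1;
    return safe_div(h->total_bytes, h->height, out);
}

int main(void)
{
    struct img_hdr ok = { 4, 3, 36 };   /* constructed: 3 rows, 36 bytes */
    struct img_hdr bad = { 4, 0, 36 };  /* constructed: height of 0 */
    int bpr = 0;
    int rc = bytes_per_row_checked(&ok, &bpr);
    printf("ok:  rc=%d bytes_per_row=%d\n", rc, bpr);
    rc = bytes_per_row_checked(&bad, &bpr);
    printf("bad: rc=%d (rejected before dividing)\n", rc);
    return 0;
}
```

On failure the output variable is left untouched, so callers must check the return code before using it.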

Observed Examples

  1. CVE-2007-3268 : Invalid size value leads to divide by zero.
  2. CVE-2007-2723 : "Empty" content triggers divide by zero.
  3. CVE-2007-2237 : Height value of 0 triggers divide by zero.


White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy | Id | Name | Fit
OWASP Top Ten 2004 | A9 | Denial of Service | CWE_More_Specific
CERT C Secure Coding | FLP03-C | Detect and handle floating point errors |
CERT C Secure Coding | INT33-C | Ensure that division and modulo operations do not result in divide-by-zero errors |
CERT Java Secure Coding | NUM02-J | Ensure that division and modulo operations do not result in divide-by-zero errors |
CERT C++ Secure Coding | INT33-CPP | Ensure that division and modulo operations do not result in divide-by-zero errors |
CERT C++ Secure Coding | FLP03-CPP | Detect and handle floating point errors |

References:
None

© 2013 SecPod Technologies