Divide By ZeroID: 369 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
The product divides a value by zero.
Extended DescriptionThis weakness typically occurs when an unexpected value is provided to the
product, or if an error occurs that is not properly detected. It frequently
occurs in calculations involving physical dimensions such as size, length,
width, and height.
Likelihood of Exploit: Medium
Applicable PlatformsNone
Time Of Introduction
Common Consequences
Scope | Technical Impact | Notes |
---|
Availability | DoS: crash / exit /
restart | A Divide by Zero results in a crash. |
Detection MethodsNone
Potential MitigationsNone
Relationships
Related CWE | Type | View | Chain |
---|
CWE-369 ChildOf CWE-885 | Category | CWE-888 | |
Demonstrative Examples (Details)
- The following C# example contains a function that divides two
numeric values without verifying that the input value used as the
denominator is not zero. This will create an error for attempting to divide
by zero, if this error is not caught by the error handling capabilities of
the language, unexpected results can occur.
- The following C/C++ example contains a function that divides two
numeric values without verifying that the input value used as the
denominator is not zero. This will create an error for attempting to divide
by zero, if this error is not caught by the error handling capabilities of
the language, unexpected results can occur.
- The following Java example contains a function to compute an average
but does not validate that the input value used as the denominator is not
zero. This will create an exception for attempting to divide by zero. If
this error is not handled by Java exception handling, unexpected results can
occur.
Observed Examples
- CVE-2007-3268 : Invalid size value leads to divide by zero.
- CVE-2007-2723 : "Empty" content triggers divide by zero.
- CVE-2007-2237 : Height value of 0 triggers divide by zero.
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
Taxynomy | Id | Name | Fit |
---|
OWASP Top Ten 2004 | A9 | Denial of Service | CWE_More_Specific |
CERT C Secure Coding | FLP03-C | Detect and handle floating point errors | |
CERT C Secure Coding | INT33-C | Ensure that division and modulo operations do not result in
divide-by-zero errors | |
CERT Java Secure Coding | NUM02-J | Ensure that division and modulo operations do not result in
divide-by-zero errors | |
CERT C++ Secure Coding | INT33-CPP | Ensure that division and modulo operations do not result in
divide-by-zero errors | |
CERT C++ Secure Coding | FLP03-CPP | Detect and handle floating point errors | |
References:None