By weakness (CWE)
CWE-369: related vulnerabilities
CVEs classified under CWE-369. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
4 published vulnerabilities
- CVE-2026-37232HIGH 8.6
OpenAirInterface5G version 2.4.0 contains a vulnerability in how it calculates radio resource block (PRB) utilization metrics for 5G base stations. An attacker on the network can repeatedly request performance monitoring data via the FlexRIC interface, causing the base station software to crash when certain metric calculations divide by zero. The crash takes down the entire 5G cell, disconnecting all users. This requires no authentication and can be triggered remotely.
- CVE-2025-70100MEDIUM 5.5
CVE-2025-70100 is a denial-of-service vulnerability in lwext4, a lightweight ext4 filesystem library. An attacker can craft a malicious ext4 filesystem image containing a zero logical block size that crashes any application using lwext4 to mount or process the image. The library fails to validate the block size parameter before performing arithmetic operations, leading to a divide-by-zero condition. While this vulnerability cannot be exploited for data theft or system compromise, it can disrupt services that depend on lwext4 for filesystem operations, such as embedded systems, recovery tools, or specialized storage applications.
- CVE-2026-46161MEDIUM 5.5
A divide-by-zero vulnerability exists in the Linux kernel's RAID10 disk management code. When a user configures RAID10 with a "far_copies" value of zero, the kernel crashes instead of rejecting the invalid configuration. This requires local access and root-level privileges to trigger, making it a local denial-of-service risk rather than a remote compromise threat.
- CVE-2026-10201LOW 3.3
CVE-2026-10201 is a divide-by-zero flaw in Assimp (Asset Importer Library), a widely-used 3D model processing library. The defect exists in the UV Channel Handler component, specifically within the FBXExporter::WriteObjects function in FBXExporter.cpp. When a user with local access supplies specially crafted input, the vulnerability triggers a division-by-zero error that crashes the application. Because this is a local-only attack requiring user-level privileges and the impact is availability-focused (denial of service via crash), the risk is classified as low. However, the fact that proof-of-concept code has been publicly released means defenders should not assume this will remain a theoretical concern.