CWE-369: Divide By Zero
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.
For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.
For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.
For users who wish to see all available information for the CWE/CAPEC entry.
For users who want to customize what details are displayed.
×
Edit Custom Filter
This weakness typically occurs when an unexpected value is provided to the product, or if an error occurs that is not properly detected. It frequently occurs in calculations involving physical dimensions such as size, length, width, and height.
![]()
![]() ![]()
![]()
![]()
![]()
![]()
![]()
Example 1 The following Java example contains a function to compute an average but does not validate that the input value used as the denominator is not zero. This will create an exception for attempting to divide by zero. If this error is not handled by Java exception handling, unexpected results can occur. (bad code)
Example Language: Java
public int computeAverageResponseTime (int totalTime, int numRequests) {
return totalTime / numRequests; }By validating the input value used as the denominator the following code will ensure that a divide by zero error will not cause unexpected results. The following Java code example will validate the input value, output an error message, and throw an exception. (good code)
Example Language: Java
public int computeAverageResponseTime (int totalTime, int numRequests) throws ArithmeticException {
if (numRequests == 0) { }System.out.println("Division by zero attempted!"); }throw ArithmeticException; return totalTime / numRequests; Example 2 The following C/C++ example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero, if this error is not caught by the error handling capabilities of the language, unexpected results can occur. (bad code)
Example Language: C
double divide(double x, double y){
return x/y; }By validating the input value used as the denominator the following code will ensure that a divide by zero error will not cause unexpected results. If the method is called and a zero is passed as the second argument a DivideByZero error will be thrown and should be caught by the calling block with an output message indicating the error. (good code)
Example Language: C
const int DivideByZero = 10;
double divide(double x, double y){ if ( 0 == y ){ }throw DivideByZero; }return x/y; ... try{ divide(10, 0); }catch( int i ){ if(i==DivideByZero) { }cerr<<"Divide by zero error"; }
Example 3 The following C# example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero, if this error is not caught by the error handling capabilities of the language, unexpected results can occur. (bad code)
Example Language: C#
int Division(int x, int y){
return (x / y); }The method can be modified to raise, catch and handle the DivideByZeroException if the input value used as the denominator is zero. (good code)
Example Language: C#
int SafeDivision(int x, int y){
try{ }return (x / y); }catch (System.DivideByZeroException dbz){ System.Console.WriteLine("Division by zero attempted!"); }return 0;
Note: this is a curated list of examples for users to understand the variety of ways in which this weakness can be introduced. It is not a complete list of all CVEs that are related to this CWE entry.
![]()
More information is available — Please edit the custom filter or select a different filter. |
Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. |