CISA Thorium Stream Processing Divide-By-Zero Vulnerability

Vulnerability

A divide-by-zero vulnerability has been identified in CISA Thorium, affecting versions from 1.1.0 up to, but not including, 1.1.1. The issue arises when a user sets the stream split size to zero, which crashes the service. The vulnerability can be exploited by remote, authenticated attackers.

Impact

Exploitation of this vulnerability causes the service to crash, creating a denial-of-service condition.

Reproduction

To reproduce this vulnerability, send a request to the Thorium API 'get streams' endpoint with the split size parameter set to zero. This will trigger a divide-by-zero error, causing the service to panic and crash.

Remediation

Users can upgrade to CISA Thorium version 1.1.1 or later to address this vulnerability.
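
The failure mode and the kind of boundary check that prevents it, as an added Rust example (not Thorium's own code or its actual fix). StreamQuery, QueryError, both chunk_count functions and the chunk arithmetic are hypothetical names and logic chosen for illustration.

```rust
use std::num::NonZeroU64;
use std::panic;

/// Hypothetical parameters of a stream listing request (names are assumptions).
pub struct StreamQuery {
    pub start: u64, // range start, e.g. epoch seconds
    pub end: u64,   // range end (exclusive)
    pub split: u64, // caller-supplied split size
}

#[derive(Debug, PartialEq)]
pub enum QueryError {
    ZeroSplit,     // split size of 0 would divide by zero
    InvertedRange, // end earlier than start
}

/// Unchecked form: integer division by a caller-controlled zero panics.
pub fn chunk_count_unchecked(q: &StreamQuery) -> u64 {
    let span = q.end.saturating_sub(q.start);
    span / q.split + u64::from(span % q.split != 0)
}

/// Checked form: invalid input becomes an error the API layer can return
/// as a client error, so the service never reaches the division.
pub fn chunk_count_checked(q: &StreamQuery) -> Result<u64, QueryError> {
    let split = NonZeroU64::new(q.split).ok_or(QueryError::ZeroSplit)?.get();
    let span = q.end.checked_sub(q.start).ok_or(QueryError::InvertedRange)?;
    Ok(span / split + u64::from(span % split != 0))
}

fn main() {
    // Constructed sample input: a one-hour range with a zero split size.
    let bad = StreamQuery { start: 0, end: 3600, split: 0 };
    // catch_unwind is used only to observe the panic without ending the demo.
    let crashed = panic::catch_unwind(|| chunk_count_unchecked(&bad)).is_err();
    println!("unchecked panicked: {crashed}");
    println!("checked, split=0:   {:?}", chunk_count_checked(&bad));

    // Constructed valid input: the same range in 15-minute chunks.
    let ok = StreamQuery { start: 0, end: 3600, split: 900 };
    println!("checked, split=900: {:?}", chunk_count_checked(&ok));
}
```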

Added: Sep 17, 2025, 5:20 PM
Updated: Sep 17, 2025, 5:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.3
remediation: 0.0
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.