Primary

Context

OneFlow Segmentation Fault Vulnerability in Broadcasting/Type Conversion

Vulnerability

A vulnerability in OneFlow version 0.9.0 allows for improper input validation, leading to a segmentation fault. This issue arises when a Python sequence is added to native code during broadcasting or type conversion, causing a shape inconsistency that results in a crash.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing the application to crash.

Reproduction

The vulnerability can be reproduced by calling the 'flow.eye' function to create a tensor, and then adding a diagonal sequence to it. This operation causes a shape mismatch that triggers the segmentation fault.

Added: Nov 10, 2025, 10:31 PM

Updated: Nov 10, 2025, 10:31 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

1.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

1.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OneFlow Segmentation Fault Vulnerability in Broadcasting/Type Conversion

Vulnerability

Impact

Reproduction

Affected Products

OneFlow

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating