Primary

Context

OneFlow Shape Mismatch Vulnerability Leading to Denial-of-Service

Vulnerability

A shape mismatch vulnerability has been identified in OneFlow version 0.9.0. This vulnerability allows attackers to cause a denial-of-service by supplying crafted tensor shapes. The issue arises when the dimensions of tensors do not align as expected, leading to segmentation faults and core dumps.

Impact

Exploitation of this vulnerability causes a segmentation fault, resulting in a core dump.

Reproduction

The vulnerability can be reproduced by calling the 'flow.eye' function to create a tensor, and then adding a diagonal tensor with a mismatched shape. This operation causes a shape inconsistency that leads to a segmentation fault.

Added: Jan 28, 2026, 5:25 PM

Updated: Jan 28, 2026, 5:25 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OneFlow Shape Mismatch Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

OneFlow

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating