Primary

Context

OneFlow Division-by-Zero Vulnerability in the flow.floor_divide() Component Allowing Denial-of-Service

Vulnerability

A division-by-zero vulnerability has been identified in OneFlow version 0.9.0, specifically within the flow.floor_divide() function. This vulnerability allows attackers to cause a denial-of-service (DoS) by sending a crafted input tensor that includes zero, leading to a floating-point exception, a crash, and a core dump.

Impact

Exploitation of this vulnerability causes a floating-point exception, leading to a crash and a core dump.

Reproduction

The vulnerability can be reproduced by calling the flow.floor_divide() function with a tensor containing zeros as the divisor. This will trigger a division-by-zero error, causing a floating-point exception and a core dump.

Added: Jan 28, 2026, 5:24 PM

Updated: Jan 28, 2026, 5:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.6

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.6

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OneFlow Division-by-Zero Vulnerability in the flow.floor_divide() Component Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

OneFlow

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating