OneFlow Type Validation Vulnerability in flow.dstack() Component Leading to Denial-of-Service

Vulnerability

A type validation vulnerability has been identified in OneFlow version 0.9.0, specifically within the flow.dstack() component. This flaw allows attackers to cause a denial-of-service by exploiting a type mismatch, which leads to a segmentation fault and a core dump.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a denial-of-service condition where the application crashes and requires a restart.

Reproduction

The vulnerability can be reproduced by calling the flow.dstack() function with a list of tensors that includes a NumPy array. This input causes a type mismatch that results in a segmentation fault.
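A pre-call guard for the input described above, as an added example (not OneFlow code and not a project fix): it rejects any list element that is not a tensor before the list reaches native code. The names `checked_dstack` and `MixedInputError` and the stand-in classes are hypothetical; the assumed real use is to pass `flow.Tensor` and `flow.dstack` as the last two arguments.

```python
from typing import Any, Callable, Sequence


class MixedInputError(TypeError):
    """A non-tensor element was about to be passed to the stacking op."""


def checked_dstack(tensors: Sequence[Any], tensor_type: type,
                   dstack: Callable[[Sequence[Any]], Any]) -> Any:
    """Validate every element, then call the real stacking function.

    A segmentation fault kills the process and cannot be caught with
    try/except, so the check must run before the native call.
    """
    if not isinstance(tensors, (list, tuple)):
        raise MixedInputError(
            f"expected a list or tuple, got {type(tensors).__name__}")
    bad = [(i, type(t).__qualname__) for i, t in enumerate(tensors)
           if not isinstance(t, tensor_type)]
    if bad:
        # Report index and type so the caller can find the offending input.
        raise MixedInputError(f"non-tensor elements (index, type): {bad}")
    return dstack(tensors)


# Constructed stand-ins so the example runs without OneFlow or NumPy.
# Assumed real use: checked_dstack(xs, flow.Tensor, flow.dstack)
class FakeTensor:
    pass


class FakeNdarray:
    pass


def demo():
    """Return (result for a clean list, error text for a mixed list, calls)."""
    calls = []

    def fake_dstack(ts):
        calls.append(len(ts))
        return ("stacked", len(ts))

    ok = checked_dstack([FakeTensor(), FakeTensor()], FakeTensor, fake_dstack)
    try:
        checked_dstack([FakeTensor(), FakeNdarray()], FakeTensor, fake_dstack)
        rejected = None
    except MixedInputError as exc:
        rejected = str(exc)
    return ok, rejected, calls
```
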

Added: Jan 28, 2026, 5:23 PM
Updated: Jan 28, 2026, 5:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 2.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.