OneFlow
cpe:2.3:a:oneflow:oneflow:*:*:*:*:*:*:*
- 0.9.0
A denial-of-service vulnerability has been identified in OneFlow version 0.9.0, specifically within the flow.cuda.BoolTensor component. The issue arises when the API is fed invalid values, such as negative numbers or excessively large integers. These values exceed the acceptable range for boolean types, leading to a crash and a core dump.
Exploitation of this vulnerability causes the application to crash, terminating the process and dumping core, which can disrupt service and potentially lead to a denial-of-service condition.
The vulnerability can be reproduced by calling the flow.cuda.BoolTensor() function with an invalid value, such as a negative integer or a very large integer that exceeds the boolean type's valid range. This will result in the application crashing and generating a core dump.
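A way to check whether an installed build aborts on such input without taking the calling service down with it, as an added example (not code from OneFlow or from this advisory): the call runs in a child interpreter with core dumps disabled, and a child killed by a signal is reported as a crash. `run_isolated`, `ONEFLOW_CHILD` and `STANDIN_CHILD` are hypothetical names; the stand-in child and its integer threshold are constructed so the harness runs without OneFlow or a GPU.

```python
import resource
import signal
import subprocess
import sys

# Child source that makes the call named in the advisory (needs OneFlow + CUDA).
ONEFLOW_CHILD = "import sys, oneflow as flow\nflow.cuda.BoolTensor(int(sys.argv[1]))\n"

# Constructed stand-in so the harness can be exercised without OneFlow:
# it aborts like a native crash on the value classes the advisory lists.
# The upper bound is an assumption made for this sample only.
STANDIN_CHILD = (
    "import os, sys\n"
    "v = int(sys.argv[1])\n"
    "if v < 0 or v > 2**31 - 1:\n"
    "    os.abort()\n"
)


def _no_core_dump():
    # Runs in the child before exec: a crash must not write a core file.
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))


def run_isolated(child_source, value, timeout=60):
    """Run child_source in a separate interpreter and classify the outcome."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", child_source, str(value)],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
            preexec_fn=_no_core_dump, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode < 0:
        # Negative return code: the child was terminated by a signal.
        return "crashed:" + signal.Signals(-proc.returncode).name
    # Non-zero exit means a Python exception, which a caller can handle.
    return "ok" if proc.returncode == 0 else "rejected"


if __name__ == "__main__":
    for value in (1, -1, 2**40):
        print(value, run_isolated(STANDIN_CHILD, value))
```

Passing `ONEFLOW_CHILD` instead of the stand-in runs the same classification against a real installation; a build that reports `rejected` raises a Python exception the caller can handle, while `crashed:` indicates the process-terminating behaviour described above.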