Primary

Context

OneFlow Segmentation Fault Vulnerability in Column Stack Component Allowing Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in OneFlow version 0.9.0. The issue arises in the 'flow.column_stack' component, where a segmentation violation occurs when the function is called with a list containing a OneFlow tensor and a NumPy array. This type mismatch leads to a segmentation fault and a core dump, causing a crash in the application.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing a crash of the OneFlow application.

Reproduction

To reproduce this vulnerability, use OneFlow version 0.9.0 and call the 'flow.column_stack' function with a list that includes a OneFlow tensor (such as one filled with ones) and a NumPy array (like a 2D array). This will trigger the segmentation fault and core dump.

Added: Jan 28, 2026, 7:26 PM

Updated: Jan 28, 2026, 7:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.6

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.6

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OneFlow Segmentation Fault Vulnerability in Column Stack Component Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

Oneflow

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating