Primary

Context

OneFlow Segmentation Fault Vulnerability in Logical OR Component Allowing Denial-of-Service

Vulnerability

A segmentation fault vulnerability has been identified in OneFlow version 0.9.0, specifically within the logical_or component. This vulnerability allows attackers to cause a denial-of-service condition by sending crafted input that triggers the segmentation violation.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing a denial-of-service condition by crashing the application.

Reproduction

The vulnerability can be reproduced by creating two tensors with boolean data types using invalid string inputs, and then calling the logical_or method on these tensors. This sequence of actions triggers a segmentation fault, which is indicative of the vulnerability.

Added: Jan 28, 2026, 9:31 PM

Updated: Jan 28, 2026, 9:31 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OneFlow Segmentation Fault Vulnerability in Logical OR Component Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

OneFlow

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating