Primary

Context

OneFlow Segmentation Fault Vulnerability in Autograd Function Component Leading to Denial-of-Service

Vulnerability

A segmentation fault vulnerability has been identified in OneFlow version 0.9.0, specifically within the autograd function component. This vulnerability allows attackers to cause a denial-of-service condition by sending a crafted input that triggers the segmentation violation. The issue arises when the 'mark_non_differentiable' method is called on a tensor outside of a custom autograd function context, leading to a segmentation fault and core dump.

Impact

Exploitation of this vulnerability causes a segmentation fault, resulting in a denial-of-service condition by crashing the application.

Reproduction

The vulnerability can be reproduced by creating an instance of 'oneflow._oneflow_internal.autograd.Function.FunctionCtx' and calling the 'mark_non_differentiable' method with a tensor, such as one filled with ones. This action, when performed outside of a custom autograd function context, will cause a segmentation fault and a core dump.

Added: Jan 29, 2026, 3:23 PM

Updated: Jan 29, 2026, 6:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OneFlow Segmentation Fault Vulnerability in Autograd Function Component Leading to Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

OneFlow

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating