Lucene search

MitreCVE-2024-36736

HistoryJun 06, 2024 - 6:15 p.m.

CVE-2024-36736

2024-06-0618:15:16

CWE-682

mitre

web.nvd.nist.gov

oneflow-inc. oneflow

v0.9.1

permute component

incorrect calculation

security vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

JSON

An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed.

Affected configurations

Nvd

Node

oneflowoneflowMatch0.9.1

VendorProductVersionCPE
oneflowoneflow0.9.1cpe:2.3:a:oneflow:oneflow:0.9.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oneflow	oneflow	0.9.1	cpe:2.3:a:oneflow:oneflow:0.9.1:::::::*

References

gist.github.com/Redmept1on/6de04fb6c7af6956973fe2765c4d4576

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

JSON

Related for CVE-2024-36736