317 matches found
CVE-2025-65888
A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value...
CVE-2025-65890
A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize with an invalid or out-of-range GPU device index...
CVE-2025-65886
A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes...
CVE-2025-65889
A type validation flaw in the flow.dstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input...
flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-65886 via oneflow (=0.9.0)
oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-65886 Source advisory: SNYK:PYTHON-ONEFLOW-15162593...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the tensor shape process. An attacker can cause the application to crash or become unresponsive by supplying specially crafted tensor shapes. Remediation There is no fixed version for oneflow. References - GitHub...
flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-65888 via oneflow (=0.9.0)
oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-65888 Source advisory: SNYK:PYTHON-ONEFLOW-15162591...
Improper Validation of Specified Quantity in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the flow.empty function. An attacker can cause the application to crash or become unresponsive by supplying a negative or excessively large dimension value. Remediation There is no...
flowflops (>=0.0.1.post2211140919 <=0.0.1.post2211151211) potentially affected by CVE-2025-65887 via oneflow (=0.9.0)
oneflow PYPI version =0.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on oneflow and may be impacted: - flowflops =0.0.1.post2211140919, =0.0.1.post2211151211 Source cves: CVE-2025-65887 Source advisory: SNYK:PYTHON-ONEFLOW-15147047...
Division by zero
Overview Affected versions of this package are vulnerable to Division by zero in the flow.floor_divide function. An attacker can cause the application to crash or become unresponsive by providing a specially crafted input tensor containing a zero value. Remediation There is no fixed version for...
CVE-2025-65886
A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes...
CVE-2025-65886
CVE-2025-65886 describes a shape-mismatch vulnerability in OneFlow v0.9.0 that allows attackers to cause a Denial of Service (DoS) by supplying crafted tensor shapes. The CVSS 3.1 vector indicates network attack vector, no privileges/UI, with high impact on availability. Connected sources (RH, NV...
CVE-2025-65888
A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value...
CVE-2025-65888
The entries for CVE-2025-65888 describe a concrete flaw in OneFlow 0.9.0: a dimension validation issue in the flow.empty() component that allows a Denial of Service when given a negative or excessively large dimension value. The vulnerability is supported across multiple feeds (NVD, Red Hat, CIRC...
CVE-2025-65887
CVE-2025-65887 corresponds to a division-by-zero vulnerability in OneFlow v0.9.0 within the flow.floor_divide() function. The issue can be triggered by a crafted input tensor containing zero, leading to Denial of Service (DoS). Public sources (NVD/Red Hat/OSV/others) consistently describe the fla...
CVE-2025-65889
A type validation flaw in the flow.dstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2025-65890
A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize with an invalid or out-of-range GPU device index...
CVE-2025-65890
OneFlow CVE-2025-65890 describes a device-ID validation flaw in OneFlow v0.9.0 where calling flow.cuda.synchronize() with an invalid/out-of-range GPU device index triggers a Denial of Service. The issue, rated CVSS v3.1 base 7.5 (HIGH), has no published fixed version per Snyk, and other sources c...
CVE-2025-65889
CVE-2025-65889 affects OneFlow v0.9.0 in the flow.dstack() function, where a type validation flaw can be exploited to induce a Denial of Service (DoS) through crafted input. The vulnerability is described across multiple sources (NVD/Red Hat/CVE; CIRCL sightings; OSV; Snyk) with the common impact...