Oneflow security vulnerabilities

OneFlow is an open-source deep learning framework developed by OneFlow. Version 0.9.0 of OneFlow contains a security vulnerability, which stems from a segmentation violation in the oneflow.logicalor component, potentially leading to a denial-of-service attack...

Oneflow security vulnerabilities

Oneflow is an open-source deep learning framework developed by Oneflow. Version 0.9.0 of Oneflow contains a security vulnerability, which stems from floating-point exceptions in the oneflow.view component, potentially leading to denial-of-service attacks...

CVE-2025-70999

OneFlow v0.9.0 is affected by a GPU device-ID validation flaw in the flow.cuda.get_device_capability() function that can cause a Denial of Service via a crafted device ID. The issue is described consistently across CVE records (NVD/Red Hat/ OSV/CIRCL) as a DoS condition stemming from improper val...

CVE-2025-71003

CVE-2025-71003 is an input validation vulnerability in OneFlow v0.9.0, affecting the flow.arange() component and enabling a DoS via crafted input. Documents consistently indicate the affected software and component; no exploit payloads are provided in the sources. Remediation guidance appears inc...

CVE-2025-71007

CVE-2025-71007 affects OneFlow, specifically the oneflow.index_add component in v0.9.0, where input validation issues allow a crafted input to trigger a Denial of Service (DoS). Documented sources confirm the vulnerability details and link to OneFlow’s issue and advisories. Reported impact is DoS...

PT-2026-5177

An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

Oneflow security vulnerabilities

OneFlow is an open-source deep learning framework developed by OneFlow. Version 0.9.0 of OneFlow contains a security vulnerability, which stems from insufficient input validation in the flow.arange component. This vulnerability could lead to denial-of-service attacks...

CVE-2025-70999

A GPU device-ID validation flaw in the flow.cuda.getdevicecapability component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted device ID...

CVE-2025-65887

A division-by-zero vulnerability in the flow.floordivide component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input tensor with zero...

CVE-2025-71004

A segmentation violation in the oneflow.logicalor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71001

A segmentation violation in the flow.columnstack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

EUVD-2025-206431

A segmentation violation in the oneflow.logicalor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

PT-2026-5140

A dimension validation flaw in the flow.empty component of OneFlow 0.9.0 allows attackers to cause a Denial of Service DoS via a negative or excessively large dimension value...

CVE-2025-65891

CVE-2025-65891 is a vulnerability in OneFlow v0.9.0 where flow.cuda.get_device_properties() accepts an invalid or negative device index, leading to a Denial of Service (DoS). Multiple sources (NVD, Red Hat, OSV, CIRCL, ENISA, Snyk entries) describe a GPU device-ID validation flaw in OneFlow, with...

Oneflow security vulnerabilities

OneFlow is an open-source deep learning framework developed by OneFlow. Version 0.9.0 of OneFlow contains a security vulnerability; this vulnerability stems from a floating-point exception in the flow.columnstack component, which could lead to a denial-of-service attack...

CVE-2025-71006

The CVE-2025-71006 entry concerns OneFlow v0.9.0, where a flaw in the oneflow.reshape component can trigger a floating point exception (FPE) and cause a Denial of Service (DoS) via a crafted input. Multiple connected sources (Red Hat, NVD, OSV, CVE listings, and vulnerability trackers) confirm th...

CVE-2025-63397

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion...

EUVD-2025-50829

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion...

CVE-2025-63397

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion...

CVE-2025-63397

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion...