Skip to main content

Oneflow CVE-2024-36736

CRITICAL
Incorrect Calculation (CWE-682)
2024-06-06 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 06, 2024 - 18:15 nvd
CRITICAL 9.8

DescriptionNVD

An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed.

AnalysisAI

An issue in the oneflow.permute component of OneFlow-Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-682. An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed. Affected products include: Oneflow.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-65889 HIGH POC
7.5 Jan 28

A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (D

CVE-2025-65888 HIGH POC
7.5 Jan 28

A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service

CVE-2025-65886 HIGH POC
7.5 Jan 28

A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying craft

CVE-2025-71000 HIGH POC
7.5 Jan 28

An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via

CVE-2025-71007 HIGH POC
7.5 Jan 28

An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attackers to cause a Denia

CVE-2025-71003 HIGH POC
7.5 Jan 28

An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of

CVE-2025-65891 HIGH POC
7.5 Jan 28

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice (DoS) by invoking flow

CVE-2025-65890 HIGH POC
7.5 Jan 28

A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.s

CVE-2025-70999 HIGH POC
7.5 Jan 28

A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to

CVE-2025-63397 MEDIUM POC
6.5 Nov 10

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence

CVE-2025-65887 MEDIUM POC
6.5 Jan 28

A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Deni

CVE-2025-71004 MEDIUM POC
6.5 Jan 28

A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to cause a Denial of Ser

Share

CVE-2024-36736 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy