Skip to main content

Oneflow CVE-2024-36743

HIGH
Improper Validation of Array Index (CWE-129)
2024-06-06 cve@mitre.org
7.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 06, 2024 - 18:15 cve.org
HIGH 7.5

DescriptionCVE.org

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot.

AnalysisAI

An issue in OneFlow-Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-129. An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot. Affected products include: Oneflow.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-65889 HIGH POC
7.5 Jan 28

A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (D

CVE-2025-65888 HIGH POC
7.5 Jan 28

A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service

CVE-2025-65886 HIGH POC
7.5 Jan 28

A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying craft

CVE-2025-71000 HIGH POC
7.5 Jan 28

An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via

CVE-2025-71007 HIGH POC
7.5 Jan 28

An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attackers to cause a Denia

CVE-2025-71003 HIGH POC
7.5 Jan 28

An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of

CVE-2025-65891 HIGH POC
7.5 Jan 28

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice (DoS) by invoking flow

CVE-2025-65890 HIGH POC
7.5 Jan 28

A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.s

CVE-2025-70999 HIGH POC
7.5 Jan 28

A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to

CVE-2025-63397 MEDIUM POC
6.5 Nov 10

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence

CVE-2025-65887 MEDIUM POC
6.5 Jan 28

A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Deni

CVE-2025-71004 MEDIUM POC
6.5 Jan 28

A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to cause a Denial of Ser

Share

CVE-2024-36743 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy