CVE-2025-71002

6.5 MEDIUM

📋 TL;DR

A floating-point exception vulnerability in OneFlow's flow.column_stack component allows attackers to trigger a Denial of Service (DoS) by providing specially crafted input. This affects OneFlow v0.9.0 users who process untrusted data through the column_stack function. The vulnerability can crash the application but does not allow code execution.

💻 Affected Systems

Products:
  • OneFlow
Versions: v0.9.0
Operating Systems: All platforms running OneFlow
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the flow.column_stack function with untrusted input data.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption where the OneFlow process crashes, requiring manual restart and potentially causing data loss in processing pipelines.

🟠 Likely Case

Application crash when processing malicious input, leading to temporary DoS until the service is restarted.

🟢 If Mitigated

Minimal impact with proper input validation and error handling in place to catch exceptions before they crash the process.

🌐 Internet-Facing: MEDIUM - Exploitable if the vulnerable component is exposed to external inputs, but requires specific knowledge of the input format.
🏢 Internal Only: LOW - Lower risk if only trusted internal systems can access the vulnerable component.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting specific input to trigger the floating-point exception, which is relatively straightforward for attackers familiar with the component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.9.1 or later

Vendor Advisory: https://github.com/Oneflow-Inc/oneflow/issues/10657

Restart Required: Yes

Instructions:

1. Update OneFlow to version 0.9.1 or later using pip: pip install --upgrade oneflow==0.9.1
2. Restart any services or applications using OneFlow
3. Verify the update with: python -c "import oneflow; print(oneflow.__version__)"

🔧 Temporary Workarounds

Input Validation Wrapper

all

Wrap flow.column_stack calls with input validation to reject malformed inputs before they reach the vulnerable code.

# Python example:
import numpy as np
import oneflow as flow

def safe_column_stack(tup):
    # Validate the container type and each element's type (shapes are not checked)
    if not isinstance(tup, (list, tuple)):
        raise ValueError("Input must be list or tuple")
    for arr in tup:
        if not isinstance(arr, (np.ndarray, flow.Tensor)):
            raise ValueError("All inputs must be arrays/tensors")
    return flow.column_stack(tup)

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all data passed to flow.column_stack
  • Deploy the vulnerable component behind rate limiting and monitoring to detect exploitation attempts
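
A floating-point exception raised in native code normally reaches the process as SIGFPE, which a Python try/except cannot intercept, so the added example below (not OneFlow code and not part of the advisory) contains the crash by running the risky call in a child process and reporting how it ended. The names run_isolated and _worker and the (status, detail) return convention are hypothetical; it assumes a POSIX host, CPU-side inputs, and that the crash is delivered as a signal.

```python
import multiprocessing as mp
import signal

# "fork" is POSIX-only; it lets the child run closures without pickling them.
_CTX = mp.get_context("fork")


def _worker(conn, func, args):
    """Child side: run func and send the outcome back over the pipe."""
    try:
        conn.send(("ok", func(*args)))
    except Exception as exc:  # ordinary Python errors are reported, not fatal
        conn.send(("error", repr(exc)))
    finally:
        conn.close()


def run_isolated(func, args=(), timeout=30.0):
    """Run func(*args) in a child process and return (status, detail).

    status: "ok" (detail = result), "error" (detail = repr of the exception),
    "crashed" (detail = signal name or exit code), "timeout" (detail = None).
    """
    recv_end, send_end = _CTX.Pipe(duplex=False)
    proc = _CTX.Process(target=_worker, args=(send_end, func, args))
    proc.start()
    send_end.close()  # only the child holds the write end, so its death is EOF
    outcome = None
    timed_out = False
    try:
        if recv_end.poll(timeout):
            try:
                outcome = recv_end.recv()
            except EOFError:
                pass  # child died before it could send anything
        else:
            timed_out = True
            proc.kill()
    finally:
        proc.join()
        recv_end.close()
    if timed_out:
        return ("timeout", None)
    if outcome is not None:
        return outcome
    code = proc.exitcode
    if code is not None and code < 0:  # negative exit code = killed by signal
        return ("crashed", signal.Signals(-code).name)
    return ("crashed", f"exit code {code}")
```

With OneFlow, func would be a small function that builds the tensors, calls flow.column_stack, and returns a NumPy array so the result can cross the pipe; a ("crashed", "SIGFPE") result is also a precise signal to log and alert on.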

🔍 How to Verify

Check if Vulnerable:

Check if OneFlow version is 0.9.0: python -c "import oneflow; print(oneflow.__version__)"

Check Version:

python -c "import oneflow; print(oneflow.__version__)"

Verify Fix Applied:

Verify version is 0.9.1 or later and test with known problematic inputs to ensure no crashes occur.

📡 Detection & Monitoring

Log Indicators:

  • Process crashes with floating-point exception errors
  • Application logs showing division by zero or invalid floating-point operations
  • Unexpected service restarts

Network Indicators:

  • Sudden drop in service availability
  • Increased error rates in API responses

SIEM Query:

source="application.logs" AND ("floating point exception" OR "FPE" OR "division by zero") AND process="python"
