{"id":"CVE-2025-63397","details":"Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion.","modified":"2026-04-10T05:34:12.960144Z","published":"2025-11-10T22:15:36.390Z","references":[{"type":"WEB","url":"http://oneflow.com"},{"type":"WEB","url":"https://github.com/Daisy2ang"},{"type":"FIX","url":"https://github.com/Oneflow-Inc/oneflow/issues/10666"},{"type":"PACKAGE","url":"https://github.com/Oneflow-Inc/oneflow"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/oneflow-inc/oneflow","events":[{"introduced":"0"},{"last_affected":"92e32fbc9d5f2d485d5cf00882964d4c2cf65c1f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9.0"}]}}],"versions":["v0.3.0","v0.5.0","v0.5.0b1","v0.5.0rc1","v0.5rc1","v0.5rc2","v0.6.0","v0.8.1","v0.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63397.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}]}