CVE-2021-4048

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

Published: Dec 8, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-4048
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:N/A:P

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
lapack_project / lapack	-	3.10.0.x
openblas_project / openblas	-	0.3.18
julialang / julia	1.7.0-rc1	1.7.0-rc1.x
julialang / julia	-	1.6.3.x
julialang / julia	1.7.0-beta1	1.7.0-beta1.x
julialang / julia	1.7.0-beta2	1.7.0-beta2.x
julialang / julia	1.7.0-beta3	1.7.0-beta3.x
julialang / julia	1.7.0-beta4	1.7.0-beta4.x
redhat / ceph_storage	3.0	3.0.x
redhat / ceph_storage	2.0	2.0.x
redhat / enterprise_linux	8.0	8.0.x
redhat / ceph_storage	4.0	4.0.x
redhat / ceph_storage	5.0	5.0.x
redhat / openshift_container_storage	4.0	4.0.x
redhat / openshift_data_foundation	4.0	4.0.x
fedoraproject / fedora	34	34.x
fedoraproject / fedora	35	35.x

Vulnerability Database

289,598

CVE-2021-4048