Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-4048


An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.


Published

2021-12-08T22:15:10.220

Last Modified

2024-11-21T06:36:47.820

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

4.9

Weaknesses
  • Type: Primary
    CWE-125

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application lapack_project lapack ≤ 3.10.0 Yes
Application openblas_project openblas < 0.3.18 Yes
Application julialang julia ≤ 1.6.3 Yes
Application julialang julia 1.7.0 Yes
Application julialang julia 1.7.0 Yes
Application julialang julia 1.7.0 Yes
Application julialang julia 1.7.0 Yes
Application julialang julia 1.7.0 Yes
Application redhat ceph_storage 2.0 Yes
Application redhat ceph_storage 3.0 Yes
Application redhat ceph_storage 4.0 Yes
Application redhat ceph_storage 5.0 Yes
Application redhat openshift_container_storage 4.0 Yes
Application redhat openshift_data_foundation 4.0 Yes
Operating System redhat enterprise_linux 8.0 Yes
Operating System fedoraproject fedora 34 Yes
Operating System fedoraproject fedora 35 Yes

References