CVE-2021-4048

CWE-125: Out-of-bounds Read | 8 documents | 8 sources

Severity: 9.1 CRITICAL
EPSS: 0.4% (top 41.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 8; latest update Apr 15

Description

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 3.9 | Impact: 5.2

Affected Packages (9 packages)

Source | Package | Affected versions
Debian | lapack | < 3.10.0-2+2
CVEListV5 | lapack | lapack through version 3.10.0
Debian | openblas | < 0.3.18+ds-1+2

Also affects: Fedora 34, 35, Enterprise Linux 8.0

Patches

Vulnerability Details (3)

GHSA
GHSA-wgf2-cvhg-c384: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3… (2021-12-09)
CVEList
CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3… (2021-12-08)
OSV
CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3… (2021-12-08)

Vendor Advisories (4)

Oracle
Oracle Analytics Risk Matrix: Machine Learning (OpenBLAS), CVE-2021-4048 (2023-04-15)
Microsoft
An out-of-bounds read flaw was found in the CLARRV DLARRV SLARRV and ZLARRV functions in lapack through version 3.10.0 as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed t… (2021-12-14)
Red Hat
lapack: Out-of-bounds read in *larrv (2021-09-30)
Debian
CVE-2021-4048: lapack - An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV f... (2021)

Source: cvebase.io, CVE-2021-4048 (CRITICAL, CVSS 9.1)