CVE-2021-4048

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
lapack_projectlapack
𝑥
≤ 3.10.0
openblas_projectopenblas
𝑥
< 0.3.18
julialangjulia
𝑥
≤ 1.6.3
julialangjulia
1.7.0:beta1
julialangjulia
1.7.0:beta2
julialangjulia
1.7.0:beta3
julialangjulia
1.7.0:beta4
julialangjulia
1.7.0:rc1
redhatceph_storage
2.0
redhatceph_storage
3.0
redhatceph_storage
4.0
redhatceph_storage
5.0
redhatopenshift_container_storage
4.0
redhatopenshift_data_foundation
4.0
redhatenterprise_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lapack
bullseye
no-dsa
buster
no-dsa
stretch
no-dsa
bookworm
3.11.0-2
fixed
sid
3.12.0-3
fixed
trixie
3.12.0-3
fixed
openblas
bullseye
no-dsa
buster
no-dsa
stretch
no-dsa
bookworm
0.3.21+ds-4
fixed
sid
0.3.28+ds-2
fixed
trixie
0.3.28+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lapack
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
ignored
hirsute
ignored
focal
needed
bionic
needed
xenial
not-affected
trusty
ignored
openblas
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
ignored
hirsute
ignored
focal
needed
bionic
needed
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
References
https://github.com/JuliaLang/julia/issues/42415
https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
https://github.com/Reference-LAPACK/lapack/pull/625
https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c
https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41
https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7
https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/
https://github.com/JuliaLang/julia/issues/42415
https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
https://github.com/Reference-LAPACK/lapack/pull/625
https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c
https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41
https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7
https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/