CVE Vulnerability

CVE-2021-4048

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

6.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

Scope

9.1 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/JuliaLang/julia/issues/42415 Issue Tracking Patch
https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41 Patch Third Party Advisory
https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c Patch Third Party Advisory
https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7 Patch Third Party Advisory
https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781 Patch Third Party Advisory
https://github.com/Reference-LAPACK/lapack/pull/625 Issue Tracking Patch
https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7 Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/ Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:lapack_project:lapack:*:*:*:*:*:*:*:*
cpe:2.3:a:openblas_project:openblas:*:*:*:*:*:*:*:*
cpe:2.3:a:julialang:julia:1.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:julialang:julia:*:*:*:*:*:*:*:*
cpe:2.3:a:julialang:julia:1.7.0:beta1:*:*:*:*:*:*
cpe:2.3:a:julialang:julia:1.7.0:beta2:*:*:*:*:*:*
cpe:2.3:a:julialang:julia:1.7.0:beta3:*:*:*:*:*:*
cpe:2.3:a:julialang:julia:1.7.0:beta4:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_storage:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Information

Published : 2021-12-08 10:15

Updated : 2022-01-04 04:09

NVD link : CVE-2021-4048

Mitre link : CVE-2021-4048

Products Affected
No products.
CWE
CWE-125

Out-of-bounds Read