9.1

CVE-2021-4048

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lapack ProjectLapack Version <= 3.10.0
Openblas ProjectOpenblas Version < 0.3.18
JulialangJulia Version <= 1.6.3
JulialangJulia Version1.7.0 Updatebeta1
JulialangJulia Version1.7.0 Updatebeta2
JulialangJulia Version1.7.0 Updatebeta3
JulialangJulia Version1.7.0 Updatebeta4
JulialangJulia Version1.7.0 Updaterc1
RedhatCeph Storage Version2.0
RedhatCeph Storage Version3.0
RedhatCeph Storage Version4.0
RedhatCeph Storage Version5.0
RedhatEnterprise Linux Version8.0
FedoraprojectFedora Version34
FedoraprojectFedora Version35
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.62% 0.835
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/JuliaLang/julia/issues/42415
Patch
Third Party Advisory
Issue Tracking
https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
Patch
Third Party Advisory
https://github.com/Reference-LAPACK/lapack/pull/625
Patch
Third Party Advisory
Issue Tracking
https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c
Patch
Third Party Advisory
https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41
Patch
Third Party Advisory
https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7
Patch
Third Party Advisory
https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/