9.1
CVE-2021-4048
- EPSS 0.37%
- Veröffentlicht 08.12.2021 22:15:10
- Zuletzt bearbeitet 21.11.2024 06:36:47
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lapack Project ≫ Lapack Version <= 3.10.0
Openblas Project ≫ Openblas Version < 0.3.18
Redhat ≫ Ceph Storage Version2.0
Redhat ≫ Ceph Storage Version3.0
Redhat ≫ Ceph Storage Version4.0
Redhat ≫ Ceph Storage Version5.0
Redhat ≫ Openshift Container Storage Version4.0
Redhat ≫ Openshift Data Foundation Version4.0
Redhat ≫ Enterprise Linux Version8.0
Fedoraproject ≫ Fedora Version34
Fedoraproject ≫ Fedora Version35
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.577 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:P
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.