9.1

CVE-2021-4048

EPSS 0.37%
Published 08.12.2021 22:15:10
Last modified 21.11.2024 06:36:47
Source secalert@redhat.com
Teams watchlist Login
Open Login

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

Affected products Warnungen 0 Metrics 3 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Lapack Project ≫ Lapack Version <= 3.10.0

Openblas Project ≫ Openblas Version < 0.3.18

Julialang ≫ Julia Version <= 1.6.3

Julialang ≫ Julia Version1.7.0 Updatebeta1

Julialang ≫ Julia Version1.7.0 Updatebeta2

Julialang ≫ Julia Version1.7.0 Updatebeta3

Julialang ≫ Julia Version1.7.0 Updatebeta4

Julialang ≫ Julia Version1.7.0 Updaterc1

Redhat ≫ Ceph Storage Version2.0

Redhat ≫ Ceph Storage Version3.0

Redhat ≫ Ceph Storage Version4.0

Redhat ≫ Ceph Storage Version5.0

Redhat ≫ Openshift Container Storage Version4.0

Redhat ≫ Openshift Data Foundation Version4.0

Redhat ≫ Enterprise Linux Version8.0

Fedoraproject ≫ Fedora Version34

Fedoraproject ≫ Fedora Version35

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.37%	0.577

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:N/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/JuliaLang/julia/issues/42415

Patch

Third Party Advisory

Issue Tracking

https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781

Patch

Third Party Advisory

https://github.com/Reference-LAPACK/lapack/pull/625

Patch

Third Party Advisory

Issue Tracking

https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c

Patch

Third Party Advisory

https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41

Patch

Third Party Advisory

https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7

Patch

Third Party Advisory

https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7

Patch

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/

https://nvd.nist.gov/vuln/detail/CVE-2021-4048

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-4048

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-4048

EUVD