Unrated severity · NVD Advisory · Published Dec 8, 2021 · Updated Aug 3, 2024
CVE-2021-4048
Description
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
Affected products (24)
- lapack/lapack (source: description)
- osv-coords (21 versions):
  - pkg:bitnami/openblas (no CPE), range: < 0.3.18
  - pkg:rpm/almalinux/openblas (no CPE), range: < 0.3.15-4.el8
  - pkg:rpm/almalinux/openblas-devel (no CPE), range: < 0.3.15-4.el8
  - pkg:rpm/almalinux/openblas-openmp (no CPE), range: < 0.3.15-4.el8
  - pkg:rpm/almalinux/openblas-openmp64 (no CPE), range: < 0.3.15-4.el8
  - pkg:rpm/almalinux/openblas-openmp64_ (no CPE), range: < 0.3.15-4.el8
  - pkg:rpm/almalinux/openblas-Rblas (no CPE), range: < 0.3.15-4.el8
  - pkg:rpm/almalinux/openblas-serial64 (no CPE), range: < 0.3.15-4.el8
  - pkg:rpm/almalinux/openblas-serial64_ (no CPE), range: < 0.3.15-4.el8
  - pkg:rpm/almalinux/openblas-static (no CPE), range: < 0.3.15-4.el8
  - pkg:rpm/almalinux/openblas-threads (no CPE), range: < 0.3.15-4.el8
  - pkg:rpm/almalinux/openblas-threads64 (no CPE), range: < 0.3.15-4.el8
  - pkg:rpm/almalinux/openblas-threads64_ (no CPE), range: < 0.3.15-4.el8
  - pkg:rpm/opensuse/lapack&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 3.5.0-4.6.1
  - pkg:rpm/opensuse/lapack-man&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 3.5.0-4.6.1
  - pkg:rpm/suse/lapack&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 (no CPE), range: < 3.5.0-4.6.1
  - pkg:rpm/suse/lapack&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3 (no CPE), range: < 3.5.0-4.6.1
  - pkg:rpm/suse/lapack&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2 (no CPE), range: < 3.5.0-4.6.1
  - pkg:rpm/suse/lapack&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 3.5.0-3.9.1
  - pkg:rpm/suse/lapack&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 3.5.0-3.9.1
  - pkg:rpm/suse/lapack&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 3.5.0-3.9.1
References (9)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/ (mitre; vendor-advisory; x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/ (mitre; vendor-advisory; x_refsource_FEDORA)
- github.com/JuliaLang/julia/issues/42415 (mitre; x_refsource_MISC)
- github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781 (mitre; x_refsource_MISC)
- github.com/Reference-LAPACK/lapack/pull/625 (mitre; x_refsource_MISC)
- github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c (mitre; x_refsource_MISC)
- github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41 (mitre; x_refsource_MISC)
- github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7 (mitre; x_refsource_MISC)
- github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7 (mitre; x_refsource_MISC)