CVE-2021-4048

Type: Out-of-bounds Read
Severity: Medium
Publication date: 12/08/2021
Last modified: 01/04/2022
Description
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: No impact on system integrity + Partially affects system confidentiality + Partially affects system availability
Vulnerable software and versions
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_storage:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openblas_project:openblas:*:*:*:*:*:*:*:*
  • cpe:2.3:a:lapack_project:lapack:*:*:*:*:*:*:*:*
  • cpe:2.3:a:julialang:julia:1.7.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:julialang:julia:1.7.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:julialang:julia:1.7.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:julialang:julia:1.7.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:julialang:julia:1.7.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:julialang:julia:*:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page