CVE-2021-4048
lapack: Out-of-bounds read in *larrv
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
Se ha encontrado un fallo de lectura fuera de límites en las funciones CLARRV, DLARRV, SLARRV y ZLARRV de lapack versiones hasta 3.10.0, usadas también en OpenBLAS versiones anteriores a 0.3.18. Las entradas especialmente diseñadas que se pasan a estas funciones podrían causar que una aplicación que use lapack se bloquee o posiblemente revele partes de su memoria
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack and OpenBLAS. A specially crafted input passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-12-02 CVE Reserved
- 2021-12-08 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (11)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lapack Project Search vendor "Lapack Project" | Lapack Search vendor "Lapack Project" for product "Lapack" | <= 3.10.0 Search vendor "Lapack Project" for product "Lapack" and version " <= 3.10.0" | - |
Affected
| ||||||
| Openblas Project Search vendor "Openblas Project" | Openblas Search vendor "Openblas Project" for product "Openblas" | < 0.3.18 Search vendor "Openblas Project" for product "Openblas" and version " < 0.3.18" | - |
Affected
| ||||||
| Julialang Search vendor "Julialang" | Julia Search vendor "Julialang" for product "Julia" | <= 1.6.3 Search vendor "Julialang" for product "Julia" and version " <= 1.6.3" | - |
Affected
| ||||||
| Julialang Search vendor "Julialang" | Julia Search vendor "Julialang" for product "Julia" | 1.7.0 Search vendor "Julialang" for product "Julia" and version "1.7.0" | beta1 |
Affected
| ||||||
| Julialang Search vendor "Julialang" | Julia Search vendor "Julialang" for product "Julia" | 1.7.0 Search vendor "Julialang" for product "Julia" and version "1.7.0" | beta2 |
Affected
| ||||||
| Julialang Search vendor "Julialang" | Julia Search vendor "Julialang" for product "Julia" | 1.7.0 Search vendor "Julialang" for product "Julia" and version "1.7.0" | beta3 |
Affected
| ||||||
| Julialang Search vendor "Julialang" | Julia Search vendor "Julialang" for product "Julia" | 1.7.0 Search vendor "Julialang" for product "Julia" and version "1.7.0" | beta4 |
Affected
| ||||||
| Julialang Search vendor "Julialang" | Julia Search vendor "Julialang" for product "Julia" | 1.7.0 Search vendor "Julialang" for product "Julia" and version "1.7.0" | rc1 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ceph Storage Search vendor "Redhat" for product "Ceph Storage" | 2.0 Search vendor "Redhat" for product "Ceph Storage" and version "2.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ceph Storage Search vendor "Redhat" for product "Ceph Storage" | 3.0 Search vendor "Redhat" for product "Ceph Storage" and version "3.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ceph Storage Search vendor "Redhat" for product "Ceph Storage" | 4.0 Search vendor "Redhat" for product "Ceph Storage" and version "4.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ceph Storage Search vendor "Redhat" for product "Ceph Storage" | 5.0 Search vendor "Redhat" for product "Ceph Storage" and version "5.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Container Storage Search vendor "Redhat" for product "Openshift Container Storage" | 4.0 Search vendor "Redhat" for product "Openshift Container Storage" and version "4.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Data Foundation Search vendor "Redhat" for product "Openshift Data Foundation" | 4.0 Search vendor "Redhat" for product "Openshift Data Foundation" and version "4.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||