Openblas · Openblas · CVE-2021-4048
**Name of the Vulnerable Software and Affected Versions**
lapack versions 3.10.0 and earlier
OpenBLAS versions 0.3.18 and earlier
**Description**
An out-of-bounds read flaw was found in the `CLARRV`, `DLARRV`, `SLARRV`, and `ZLARRV` functions. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
**Recommendations**
For lapack versions 3.10.0 and earlier, update to a version later than 3.10.0.
For OpenBLAS versions 0.3.18 and earlier, update to a version later than 0.3.18.
As a temporary workaround, consider disabling the `CLARRV`, `DLARRV`, `SLARRV`, and `ZLARRV` functions until a patch is available.