PT-2021-22895 · Openblas+10

Martin-Frbg · Published 2021-09-28 · Updated 2025-04-24 · CVE-2021-4048

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

lapack versions 3.10.0 and earlier
OpenBLAS versions 0.3.18 and earlier

Description

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

Recommendations

For lapack versions 3.10.0 and earlier, update to a version later than 3.10.0. For OpenBLAS versions 0.3.18 and earlier, update to a version later than 0.3.18. As a temporary workaround, consider disabling the CLARRV, DLARRV, SLARRV, and ZLARRV functions until a patch is available.

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2022:7639
ALT-PU-2021-3562
ALT-PU-2022-2457
ALT-PU-2024-4379
ALT-PU-2025-4856
ALT-PU-2025-4858
AZL-6609
AZL-7315
BDU:2025-03980
BIT-OPENBLAS-2021-4048
CESA-2022_7639
CVE-2021-4048
MGASA-2021-0586
OESA-2021-1471
OESA-2021-1478
OESA-2022-1947
OPENSUSE-SU-2022:0915-1
OPENSUSE-SU-2022_0915-1
OPENSUSE-SU-2024:11704-1
RHSA-2022:7639
RHSA-2022_7639
RLSA-2022:7639
SUSE-SU-2022:0913-1
SUSE-SU-2022:0915-1
SUSE-SU-2022_0913-1
SUSE-SU-2022_0915-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Openblas
Red Hat
Red Os
Rocky Linux
Suse
Lapack