MidnightBSD

Advisories for lapack_project

CVE-2021-4048 MEDIUM

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
redhat ceph_storage 3.0
redhat ceph_storage 5.0
redhat ceph_storage 4.0
redhat openshift_container_storage 4.0
redhat ceph_storage 2.0
julialang julia *
openblas_project openblas *
fedoraproject fedora 34
fedoraproject fedora 35
lapack_project lapack *
julialang julia 1.7.0
redhat openshift_data_foundation 4.0