MidnightBSD

Advisories for openblas_project

CVE-2021-4048 MEDIUM

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
julialang julia 1.7.0
redhat enterprise_linux 8.0
fedoraproject fedora 35
openblas_project openblas *
redhat openshift_container_storage 4.0
redhat ceph_storage 3.0
lapack_project lapack *
redhat openshift_data_foundation 4.0
redhat ceph_storage 2.0
redhat ceph_storage 5.0
julialang julia *
redhat ceph_storage 4.0
fedoraproject fedora 34