CRITICAL🇵🇱 Wersja polska

CVE-2021-4048

CVSS 9.1v3.1pub. 2021-12-08upd. 2024-11-21

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  • Fedora Project Fedora

    OS
    Fedoraproject
    3435
  • Julialang Julia

    APP
    Julialang
    1.7.0≤ 1.6.3
  • Lapack Project Lapack

    APP
    Lapack Project
    ≤ 3.10.0
  • Openblas Project Openblas

    APP
    Openblas Project
    < 0.3.18
  • Red Hat Ceph Storage

    APP
    Redhat
    2.03.04.05.0
  • Red Hat Enterprise Linux

    OS
    Redhat
    8.0
  • Red Hat Openshift Container Storage

    APP
    Redhat
    4.0
  • Red Hat Openshift Data Foundation

    APP
    Redhat
    4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit

CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML

CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)

CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox