github - ghsa-wgf2-cvhg-c384

ghsa-wgf2-cvhg-c384

Vulnerability from github

Published

2021-12-09 00:00

Modified

2021-12-14 00:01

Details

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-4048"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-08T22:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.",
  "id": "GHSA-wgf2-cvhg-c384",
  "modified": "2021-12-14T00:01:29Z",
  "published": "2021-12-09T00:00:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4048"
    },
    {
      "type": "WEB",
      "url": "https://github.com/JuliaLang/julia/issues/42415"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Reference-LAPACK/lapack/pull/625"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024358"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2021-4048

Vulnerability from cvelistv5

Published

2021-12-08 21:24

Modified

2024-08-03 17:16

Severity

Summary

References

URL	Tags
https://github.com/Reference-LAPACK/lapack/pull/625	x_refsource_MISC
https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781	x_refsource_MISC
https://github.com/JuliaLang/julia/issues/42415	x_refsource_MISC
https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41	x_refsource_MISC
https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c	x_refsource_MISC
https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7	x_refsource_MISC
https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/	vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/	vendor-advisory, x_refsource_FEDORA

Impacted products

Vendor	Product
n/a	lapack

Show details on NVD website