CVE-2021-4048
- Source
- https://cve.org/CVERecord?id=CVE-2021-4048
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-4048.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-4048
- Aliases
- Downstream
- Related
- Published
- 2021-12-08T22:15:10.220Z
- Modified
- 2026-03-17T14:17:21.871835Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/
- https://github.com/JuliaLang/julia/issues/42415
- https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
- https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c
- https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7
- https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7
- https://github.com/Reference-LAPACK/lapack/pull/625
- https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41
Affected packages
Git / github.com/JuliaLang/julia
Affected ranges
- Type
- GIT
- Repo
- https://github.com/JuliaLang/julia
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "1.6.3" }, { "introduced": "0" }, { "last_affected": "1.7.0-beta1" }, { "introduced": "0" }, { "last_affected": "1.7.0-beta2" }, { "introduced": "0" }, { "last_affected": "1.7.0-beta3" }, { "introduced": "0" }, { "last_affected": "1.7.0-beta4" }, { "introduced": "0" }, { "last_affected": "1.7.0-rc1" } ] }
- Type
- GIT
- Repo
- https://github.com/OpenMathLib/OpenBLAS
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "0.3.18" } ] }
- Type
- GIT
- Repo
- https://github.com/Reference-LAPACK/lapack
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "3.10.0" } ] }
- Type
- GIT
- Repo
- https://github.com/openmathlib/openblas
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixed
- Type
- GIT
- Repo
- https://github.com/reference-lapack/lapack
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1
v0.1.0
v0.1.1
v0.1.2
v0.1alpha1
v0.1alpha2
v0.1alpha2.1
v0.1alpha2.2
v0.1alpha2.3
v0.1alpha2.4
v0.1alpha2.5
v0.2.0
v0.2.0-rc1
v0.2.0-rc2
v0.2.0-rc3
v0.2.0-rc4
v0.2.1
v0.2.10
v0.2.10.rc1
v0.2.10.rc2
v0.2.11
v0.2.12
v0.2.13
v0.2.14
v0.2.15
v0.2.16
v0.2.16.rc1
v0.2.17
v0.2.18
v0.2.19
v0.2.2
v0.2.20
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.2.9.rc1
v0.2.9.rc2
v0.3.0
v0.3.0-rc1
v0.3.0-rc2
v0.3.0-rc3
v0.3.1
v0.3.10
v0.3.11
v0.3.12
v0.3.13
v0.3.14
v0.3.15
v0.3.16
v0.3.17
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.4.0-rc1
v0.5.0-rc0
v0.6.0-pre.alpha
v0.6.0-pre.beta
v0.7.0-alpha
v0.7.0-beta
v0.7.0-beta2
v0.7.0-rc1
v0.7.0-rc2
v1.*
v1.0.0
v1.0.0-rc1
v1.3.0-alpha
v1.6.0
v1.6.0-beta1
v1.6.0-rc1
v1.6.0-rc2
v1.6.0-rc3
v1.6.1
v1.6.2
v1.6.3
v1.7.0-beta1
v3.*
v3.1-firstgitcommit
v3.10.0
v3.6.0
v3.6.1
v3.7.0
v3.7.1
v3.8.0
v3.9.0
v3.9.1
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-4048.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "34"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "35"
}
]
}
]