JLSEC-2025-6

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-6.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json

JSON Data

https://api.test.osv.dev/v1/vulns/JLSEC-2025-6

Upstream

CVE-2021-4048

Published

2025-10-08T17:41:37.190Z

Modified

2025-11-03T00:19:05.480704Z

Summary

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack t...

Details

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

Database specific

{
    "sources": [
        {
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-4048",
            "modified": "2024-11-21T06:36:47.820Z",
            "published": "2021-12-08T22:15:10.220Z",
            "imported": "2025-10-07T15:10:16.258Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4048",
            "id": "CVE-2021-4048"
        }
    ],
    "license": "CC-BY-4.0"
}

References

Affected packages

Julia

ReferenceBLAS32_jll

Package

Name: ReferenceBLAS32_jll
Purl: pkg:julia/ReferenceBLAS32_jll?uuid=9e84b91c-71b0-5f24-acdc-49dbe8049396

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.1+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"

LAPACK32_jll

Package

Name: LAPACK32_jll
Purl: pkg:julia/LAPACK32_jll?uuid=17f450c3-bd24-55df-bb84-8c51b4b939e3

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.1+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"

OpenBLASHighCoreCount_jll

Package

Name: OpenBLASHighCoreCount_jll
Purl: pkg:julia/OpenBLASHighCoreCount_jll?uuid=3a2d25a1-7f54-53f7-aded-df035e2fc6f8

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"

LAPACK_jll

Package

Name: LAPACK_jll
Purl: pkg:julia/LAPACK_jll?uuid=51474c39-65e3-53ba-86ba-03b1b862ec14

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.1+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"

OpenBLAS_jll

Package

Name: OpenBLAS_jll
Purl: pkg:julia/OpenBLAS_jll?uuid=4536629a-c528-5b80-bd46-f80d51c5b363

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.20+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"

ReferenceBLAS_jll

Package

Name: ReferenceBLAS_jll
Purl: pkg:julia/ReferenceBLAS_jll?uuid=ee697234-451c-51c9-b102-303d89a9c3a0

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.12.1+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"

OpenBLAS32_jll

Package

Name: OpenBLAS32_jll
Purl: pkg:julia/OpenBLAS32_jll?uuid=656ef2d0-ae68-5445-9ca0-591084a874a2

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.20+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"

libjulia_jll

Package

Name: libjulia_jll
Purl: pkg:julia/libjulia_jll?uuid=5ad3ddd2-0711-543a-b040-befd59781bbf

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.0+1

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"

SLICOT_jll

Package

Name: SLICOT_jll
Purl: pkg:julia/SLICOT_jll?uuid=545525a2-e20e-568b-b87f-b40a06098995

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"