CVE-2021-4048: CVE-2021-4048

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-4048

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

跨界内存读

Source: NVD (National Vulnerability Database)

Vulnerability Title

Lapack 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Lapack是Lapack社区的一个用于数值线性代数的标准软件库。 lapack 存在缓冲区错误漏洞，该漏洞源于 lapack 中的 CLARRV、DLARRV、SLARRV 和 ZLARRV 函数中发现了越界读取缺陷，OpenBLAS 也使用了这种缺陷。传递给这些函数的特制输入可能会导致使用 lapack 的应用程序崩溃或可能泄露部分内存。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	lapack	lapack through version 3.10.0	-

II. Public POCs for CVE-2021-4048

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-4048

Please Login to view more intelligence information

https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050cx_refsource_MISC
https://github.com/Reference-LAPACK/lapack/pull/625x_refsource_MISC
https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781x_refsource_MISC
https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41x_refsource_MISC
https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7x_refsource_MISC
https://github.com/JuliaLang/julia/issues/42415x_refsource_MISC
https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/vendor-advisoryx_refsource_FEDORA
https://nvd.nist.gov/vuln/detail/CVE-2021-4048

IV. Related Vulnerabilities

Same vendor: n/a

Same weakness: CWE-125

V. Comments for CVE-2021-4048

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-4048

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-4048

III. Intelligence Information for CVE-2021-4048

IV. Related Vulnerabilities

V. Comments for CVE-2021-4048

Leave a comment