Out-of-bounds Read in Julialang Julia
CVE-2021-4048
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an ap…
Vulnerability class: Buffer Overflow
EPSS: 0.026 (83.4th percentile)
CVSS v3 metric
CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H.
Affected products
- Julialang Julia — version 1.7.0
- Lapack_project Lapack
- Openblas_project Openblas
- Fedoraproject Fedora — versions 34, 35
- Redhat Ceph_storage — versions 2.0, 3.0, 4.0
- Redhat Enterprise_linux — version 8.0
- Redhat Openshift_container_storage — version 4.0
- Redhat Openshift_data_foundation — version 4.0
- Lapack (vendor not specified) — versions through 3.10.0
Frequently asked questions
- What is CVE-2021-4048?
- CVE-2021-4048 is a critical-severity vulnerability in Julialang Julia, classified under Out-of-bounds Read. CVSS score: 9.1/10. Published 2021-12-08.
- How severe is CVE-2021-4048?
- Critical severity. CVSS v3 base score is 9.1 out of 10.
- Is CVE-2021-4048 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.