{"id":"JLSEC-2025-6","summary":"Out-of-bounds read in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18","details":"An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.","modified":"2025-11-06T23:02:56.440656Z","published":"2025-10-08T17:41:37.190Z","upstream":["CVE-2021-4048"],"database_specific":{"sources":[{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-4048","imported":"2025-10-07T15:10:16.258Z","published":"2021-12-08T22:15:10.220Z","id":"CVE-2021-4048","modified":"2024-11-21T06:36:47.820Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4048"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://github.com/JuliaLang/julia/issues/42415"},{"type":"WEB","url":"https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781"},{"type":"WEB","url":"https://github.com/Reference-LAPACK/lapack/pull/625"},{"type":"WEB","url":"https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c"},{"type":"WEB","url":"https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41"},{"type":"WEB","url":"https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7"},{"type":"WEB","url":"https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/"}],"affected":[{"package":{"name":"ReferenceBLAS32_jll","ecosystem":"Julia","purl":"pkg:jul
ia/ReferenceBLAS32_jll?uuid=9e84b91c-71b0-5f24-acdc-49dbe8049396"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.12.1+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"}},{"package":{"name":"LAPACK32_jll","ecosystem":"Julia","purl":"pkg:julia/LAPACK32_jll?uuid=17f450c3-bd24-55df-bb84-8c51b4b939e3"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.10.1+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"}},{"package":{"name":"OpenBLASHighCoreCount_jll","ecosystem":"Julia","purl":"pkg:julia/OpenBLASHighCoreCount_jll?uuid=3a2d25a1-7f54-53f7-aded-df035e2fc6f8"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"}},{"package":{"name":"LAPACK_jll","ecosystem":"Julia","purl":"pkg:julia/LAPACK_jll?uuid=51474c39-65e3-53ba-86ba-03b1b862ec14"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.10.1+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"}},{"package":{"name":"OpenBLAS_jll","ecosystem":"Julia","purl":"pkg:julia/OpenBLAS_jll?uuid=4536629a-c528-5b80-bd46-f80d51c5b363"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.3.20+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"}},{"package":{"name":"ReferenceBLAS_jll","ecosystem":"Julia","purl":"pkg:julia/ReferenceBLAS_jll?uuid=ee697234-451c-51c9-b102-303d89a9c3a0"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.12.1+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"}},{"package":{"name":"OpenBLAS32_jll"
,"ecosystem":"Julia","purl":"pkg:julia/OpenBLAS32_jll?uuid=656ef2d0-ae68-5445-9ca0-591084a874a2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.3.20+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"}},{"package":{"name":"libjulia_jll","ecosystem":"Julia","purl":"pkg:julia/libjulia_jll?uuid=5ad3ddd2-0711-543a-b040-befd59781bbf"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.8.0+1"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"}},{"package":{"name":"SLICOT_jll","ecosystem":"Julia","purl":"pkg:julia/SLICOT_jll?uuid=545525a2-e20e-568b-b87f-b40a06098995"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-6.json"}}],"schema_version":"1.7.3"}