An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HFedora Project Fedora
OSFedoraproject3435Julialang Julia
APPJulialang1.7.0≤ 1.6.3Lapack Project Lapack
APPLapack Project≤ 3.10.0Openblas Project Openblas
APPOpenblas Project< 0.3.18Red Hat Ceph Storage
APPRedhat2.03.04.05.0Red Hat Enterprise Linux
OSRedhat8.0Red Hat Openshift Container Storage
APPRedhat4.0Red Hat Openshift Data Foundation
APPRedhat4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References
Related vulnerabilities
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox