SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
CVEID:CVE-2020-13871
**DESCRIPTION:**SQLite is vulnerable to a denial of service, caused by a use-after-free in resetAccumulator in select.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183370 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Watson Machine Learning Community Edition | 1.6.2 |
IBM Watson Machine Learning Community Edition | 1.7.0 |
SQLite has been updated to 3.32.3. TensorFlow must be updated to obtain the security fix.
Tensorflow must be updated.
For the GPU enabled version:
conda update tensorflow-gpu
For the non GPU enabled version:
conda update tensorflow