Lucene search

K
ibmIBMC982CF6338657F6143B56DF2B152C22F655B666B3943AA320ECBB445A15418E2
HistoryJul 17, 2020 - 11:00 p.m.

Security Bulletin: WML CE: SQLite through 3.32.2 has has a use-after-free problem.

2020-07-1723:00:57
www.ibm.com
8

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Summary

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

Vulnerability Details

CVEID:CVE-2020-13871
**DESCRIPTION:**SQLite is vulnerable to a denial of service, caused by a use-after-free in resetAccumulator in select.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183370 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Watson Machine Learning Community Edition 1.6.2
IBM Watson Machine Learning Community Edition 1.7.0

Remediation/Fixes

SQLite has been updated to 3.32.3. TensorFlow must be updated to obtain the security fix.

Workarounds and Mitigations

Tensorflow must be updated.

For the GPU enabled version:

conda update tensorflow-gpu

For the non GPU enabled version:

conda update tensorflow

CPENameOperatorVersion
ibm poweraieq1.6.2
ibm poweraieq1.7.0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P