CVE-2025-46330

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/snowflakedb/libsnowflakeclient/pull/882/commits/8120a057e041722e114ed2c5dbed3b5a649f72e2	Patch
https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-ch37-53v3-m4cm	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:snowflake:connector_for_c\/c\+\+:*:*:*:*:*:*:*:*

History

09 May 2025, 19:37

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-29 05:15

Updated : 2025-05-09 19:37

NVD link : CVE-2025-46330

Mitre link : CVE-2025-46330

CVE.ORG link : CVE-2025-46330

JSON object : View

Products Affected

snowflake

connector_for_c\/c\+\+

CWE

CWE-573

Improper Following of Specification by Caller

NVD-CWE-noinfo

{"id": "CVE-2025-46330", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2025-04-29T05:15:46.817", "references": [{"url": "https://github.com/snowflakedb/libsnowflakeclient/pull/882/commits/8120a057e041722e114ed2c5dbed3b5a649f72e2", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-ch37-53v3-m4cm", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-573"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0."}, {"lang": "es", "value": "libsnowflakeclient es el conector de Snowflake para C/C++. Las versiones desde la 0.5.0 hasta anteriores a la 2.2.0 tratan incorrectamente las solicitudes malformadas que causaban el c\u00f3digo de estado de respuesta HTTP 400 como si se pudieran reintentar. Esto pod\u00eda bloquear la aplicaci\u00f3n hasta que se enviaran las solicitudes SF_CON_MAX_RETRY. Este problema se ha corregido en la versi\u00f3n 2.2.0."}], "lastModified": "2025-05-09T19:37:48.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:snowflake:connector_for_c\\/c\\+\\+:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0A1F10B-37C7-47D5-AB9E-A657E899CED4", "versionEndExcluding": "2.2.0", "versionStartIncluding": "0.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}