CVE-2025-46330

Summary

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0.

Affected Software

VendorProductVersion RangeStatus
snowflakedblibsnowflakeclient>= 0.5.0, < 2.2.0affected

Weaknesses

  • CWE-573: CWE-573: Improper Following of Specification by Caller

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References