CVE-2025-24792

Jan. 29, 2025, 4:15 p.m.

4.4
Medium

Description

Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (PDO) extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO Driver where executing unsupported queries like PUT or GET on stages causes a signed-to-unsigned conversion error that crashes the application using the Driver. This vulnerability affects versions 0.2.0 through 3.0.3. Snowflake fixed the issue in version 3.1.0.

Product(s) Impacted

Product Versions
Snowflake PHP PDO Driver
  • 0.2.0
  • 3.0.3

Weaknesses

CWE-195
Signed to Unsigned Conversion Error
The product uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive.

References

https://github.com/snowflakedb/pdo_snowflake/security/advisories/GHSA-f8q2-7fv5-cg93

Tags

security-advisories@github.com
2025-01-29
CVE-2025-24792
CWE-195

CVSS Score

4.4 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

Date

  • Published: Jan. 29, 2025, 4:15 p.m.
  • Last Modified: Jan. 29, 2025, 4:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.