Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-46330

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0.

Published

2025-04-29T05:15:46.817

Last Modified

2025-05-09T19:37:48.193

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

Weaknesses

Type: Primary
CWE-573
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	snowflake	connector_for_c\/c\+\+	< 2.2.0	Yes

References

https://github.com/snowflakedb/libsnowflakeclient/pull/882/commits/8120a057e041722e114ed2c5dbed3b5a649f72e2 Patch ([email protected])
https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-ch37-53v3-m4cm Vendor Advisory ([email protected])