GCVE - cpe:2.3:a:snowflake:connector_for_c\/c\+\+:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:snowflake:connector_for_c\/c\+\+:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Snowflake (`de799455-6744-506b-babc-9114bb379007`)
Product	Connector For C/C++ (`3f168753-463a-5c15-bb70-8536c0c9ffe7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-46330`	vulnerable	2026-06-08 07:27:08.062130	Snowflake Connector for C/C++ retries malformed requests LOW (3.3) libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0. Published: 2025-04-29T04:34:37.061Z Updated: 2025-04-29T13:40:22.200Z Open on db.gcve.eu Reference links https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-ch37-53v3-m4cm https://github.com/snowflakedb/libsnowflakeclient/pull/882/commits/8120a057e041722e114ed2c5dbed3b5a649f72e2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-46329`	vulnerable	2026-06-08 07:27:08.061657	Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs LOW (3.3) libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. This issue has been patched in version 2.2.0. Published: 2025-04-29T04:35:49.431Z Updated: 2025-04-29T13:34:10.233Z Open on db.gcve.eu Reference links https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-jx4f-645p-wjpx https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.