CVE-2025-24794

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-24794

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-24794.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-24794

Aliases

Related

CGA-f69p-9rg2-8gqj

Published

2025-01-29T20:25:15Z

Modified

2025-10-30T20:30:14.790424Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache

Details

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue in version 3.13.1.

Database specific

{
    "cwe_ids": [
        "CWE-502"
    ]
}

References

Affected packages

Git / github.com/snowflakedb/snowflake-connector-python

Affected ranges

Type: GIT
Repo: https://github.com/snowflakedb/snowflake-connector-python
Events: Introduced

e145e627460b2aa546701201d04c88eba496bedc

Fixed

51bd4842f9e282e98706ca9736d169fd8f362663

Affected versions

v2.*

v2.7.12

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.9.0

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.1.0

v3.1.1

v3.10.0

v3.11.0

v3.12.0

v3.12.1

v3.12.2

v3.12.3

v3.12.4

v3.13.0

v3.2.0

v3.2.1

v3.3.0

v3.3.1

v3.4.0

v3.4.1

v3.5.0

v3.6.0

v3.7.0

v3.7.1

v3.8.1

v3.9.0

v3.9.1