CVE-2025-24794

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-24794
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-24794.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-24794
Aliases
Related
Published
2025-01-29T21:15:21Z
Modified
2025-01-30T08:49:12.711029Z
Summary
[none]
Details

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue in version 3.13.1.

References

Affected packages

Git / github.com/snowflakedb/snowflake-connector-python

Affected ranges

Type
GIT
Repo
https://github.com/snowflakedb/snowflake-connector-python
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v.*

v.1.7.11

v1.*

v1.3.10
v1.3.11
v1.3.12
v1.3.13
v1.3.14
v1.3.15
v1.3.16
v1.3.17
v1.3.18
v1.3.8
v1.3.9
v1.4.0
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.16
v1.4.17
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v1.5.0
v1.5.1
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.6.0
v1.6.1
v1.6.10
v1.6.11
v1.6.12
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.7.1
v1.7.10
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.9.0

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.2.0
v2.2.1
v2.2.10
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.25
v2.3.0
v2.3.1
v2.3.10
v2.3.2
v2.3.4
v2.3.8
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.6
v2.5.0
v2.6.1
v2.7.0
v2.7.10
v2.7.11
v2.7.12
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.9.0

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.1.0
v3.1.1
v3.10.0
v3.11.0
v3.12.0
v3.12.1
v3.12.2
v3.12.3
v3.12.4
v3.13.0
v3.2.0
v3.2.1
v3.3.0
v3.3.1
v3.4.0
v3.4.1
v3.5.0
v3.6.0
v3.7.0
v3.7.1
v3.8.1
v3.9.0
v3.9.1