PT-2025-5575 · Snowflake · Snowflake Connector For Python
Sfc-Gh-Fochnik · Published 2025-01-29 · Updated 2025-01-29 · CVE-2025-24794
CVSS v3.1: 6.7 (Medium) · Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Snowflake Connector for Python versions 2.7.12 through 3.13.0

Description: The OCSP response cache in the Snowflake Connector for Python uses pickle as the serialization format, potentially leading to local privilege escalation. This issue can be exploited if an attacker has write access to the OCSP response cache file. The vulnerability was discovered and remediated by Snowflake.

Recommendations: For versions 2.7.12 through 3.13.0, upgrade to version 3.13.1 to fix the issue. As a temporary workaround, consider restricting access to the OCSP response cache file to minimize the risk of exploitation.
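The workaround above only helps if the cache file really is writable by nobody but the user running the connector, and the underlying risk is that pickle.load() reconstructs arbitrary objects from whatever bytes are in the file. The following is an added defensive example, not code from Snowflake or the connector: it checks the ownership and permission bits a reviewer would verify on the cache file (and its parent directory) before trusting it, and shows the pattern of reading a cache through a format that cannot instantiate objects (JSON with strict shape validation) instead of pickle. The cache path, the entry layout (certificate id mapped to a timestamp and a base64 response string) and the sample data are all constructed for the demonstration; the real file location and format are not given on this page.

```python
import json
import os
import stat
import tempfile

# Placeholder only: the connector's real OCSP cache location is not stated on
# this page, so this path is an assumption and is never used by demo() below.
DEFAULT_CACHE_PATH = os.path.expanduser("~/.cache/snowflake/ocsp_response_cache_PLACEHOLDER")


def cache_file_permission_issues(path: str) -> list[str]:
    """Return findings explaining why `path` is unsafe to deserialize from.
    An empty list means: regular file, owned by the current user, writable by
    nobody else, in a directory that others cannot rename files in."""
    findings = []
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["cache file does not exist"]
    if stat.S_ISLNK(st.st_mode):
        findings.append("cache file is a symlink")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        findings.append(f"owned by uid {st.st_uid}, not the current user")
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    parent_mode = os.stat(os.path.dirname(os.path.abspath(path))).st_mode
    if parent_mode & stat.S_IWOTH and not parent_mode & stat.S_ISVTX:
        findings.append("parent directory is world-writable without the sticky bit")
    return findings


def load_ocsp_cache_safely(path: str) -> dict:
    """Load a JSON cache of {cert_id: [timestamp, base64_response]}.
    Refuses to read a file others can write to, and rejects any other shape.
    json.load cannot construct arbitrary objects, so a tampered file can at
    worst yield rejected data, not code execution as with pickle.load."""
    issues = cache_file_permission_issues(path)
    if issues:
        raise PermissionError(f"refusing to load {path}: {', '.join(issues)}")
    with open(path, "r", encoding="utf-8") as fh:
        data = json.load(fh)  # raises ValueError on non-JSON / non-UTF-8 bytes
    if not isinstance(data, dict):
        raise ValueError("cache root must be a JSON object")
    for key, entry in data.items():
        if not (isinstance(key, str) and isinstance(entry, list) and len(entry) == 2
                and isinstance(entry[0], int) and isinstance(entry[1], str)):
            raise ValueError(f"malformed cache entry for {key!r}")
    return data


def demo() -> dict:
    """Constructed scenario in a private temp dir: a 0600 cache loads, the same
    file made world-writable is refused, and non-JSON bytes (the leading bytes
    of a pickle stream) are refused even with correct permissions."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ocsp_response_cache.json")
        sample = {"cert-id-constructed": [1738108800, "MIIB...constructed-base64..."]}
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o600)
        results["loaded"] = load_ocsp_cache_safely(path) == sample

        os.chmod(path, 0o666)
        try:
            load_ocsp_cache_safely(path)
            results["refused_world_writable"] = False
        except PermissionError:
            results["refused_world_writable"] = True

        os.chmod(path, 0o600)
        with open(path, "wb") as fh:
            fh.write(b"\x80\x04\x95")  # constructed: pickle protocol header, not JSON
        try:
            load_ocsp_cache_safely(path)
            results["refused_non_json"] = False
        except ValueError:  # UnicodeDecodeError and JSONDecodeError both subclass it
            results["refused_non_json"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The permission check is the part a defender can apply today on an affected version: run it against the real cache path on each host and treat any finding as a reason to chmod the file to 0600 (and fix the directory) until the upgrade to 3.13.1 is rolled out. The JSON loader illustrates why replacing the serialization format, not just the permissions, closes the class of bug.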

Weakness Enumeration
Deserialization of Untrusted Data

Related identifiers
CVE-2025-24794
GHSA-M4F6-VCJ4-W5MX
PYSEC-2025-27

Affected products
Snowflake Connector For Python