PT-2026-22301 · Snowflake · Snowflake-Jdbc
Fushuling
·
Published
2026-02-27
·
Updated
2026-02-27
·
CVE-2026-3293
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
snowflakedb snowflake-jdbc versions up to 4.0.1
Description
A weakness exists in the
SdkProxyRoutePlanner function within the JDBC URL Handler component of snowflakedb snowflake-jdbc. Manipulation of the nonProxyHosts argument can lead to inefficient regular expression complexity. This issue is locally exploitable and the exploit has been publicly released. The vulnerable code is located in the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java.Recommendations
Apply patch 5fb0a8a318a2ed87f4022a1f56e742424ba94052.
Exploit
Fix
Resource Exhaustion
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Snowflake-Jdbc