CVE Vulnerabilities

CVE-2025-46330

Improper Following of Specification by Caller

Published: Apr 29, 2025 | Modified: May 09, 2025
CVSS 3.x
3.3
LOW
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0.

Weakness

The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.

Affected Software

Name Vendor Start Version End Version
Connector_for_c/c++ Snowflake 0.5.0 (including) 2.2.0 (excluding)

References