Exponential ReDoS in snowflake-connector-python leads to denial of service
CVE-2022-42965

3.7LOW

Key Information:

Vendor: Snowflake-connector-python
Status: Snowflake-connector-python
Vendor: CVE Published:; 9 November 2022

🔔 Create Snowflake-connector-python Vulnerability Alert

What is CVE-2022-42965?

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method

Affected Version(s)

snowflake-connector-python < 2.8.2

References

https://research.jfrog.com/vulnerabilities/snowflake-conn...

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2022
Vulnerability Reserved
Oct 15, 2022

CVE-2022-42965 Data

JSON