CVE-2022-42965 LOW

CVE-2022-42965: Exponential ReDoS in snowflake-connector-python leads to denial of service

Vendor Snowflake-Connector-Python

Product snowflake-connector-python

Weakness CWE-1333

Published November 9, 2022

Last update May 1, 2025

View on NVD All CVEs

CVSS base score

3.7/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

Description

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method

Key dates

Disclosure timeline

November 9, 2022 CVE published

May 1, 2025 Record updated

Identifiers

CVE CVE-2022-42965

CWE CWE-1333

CVSS 3.7 / LOW

Affected versions

Vendor Snowflake-Connector-Python

Product snowflake-connector-python

Affected ≥ unspecified and < 2.8.2