CVE-2025-24792 MEDIUM

CVE-2025-24792: Snowflake PHP PDO Driver has a Signed-to-Unsigned Conversion Error

Vendor: Snowflakedb
Product: pdo_snowflake
Weakness: CWE-195
Published: January 29, 2025
Last update: February 12, 2025

CVSS base score

4.4/10
Attack vector: Local
Attack complexity: High
Privileges required: Low
User interaction: Required
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (PDO) extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO Driver where executing unsupported queries like PUT or GET on stages causes a signed-to-unsigned conversion error that crashes the application using the Driver. This vulnerability affects versions 0.2.0 through 3.0.3. Snowflake fixed the issue in version 3.1.0.

Key dates

02 Disclosure timeline

January 29, 2025: CVE published
February 12, 2025: Record updated