CVE-2025-24792

29.01.2025, 16:15

Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (PDO) extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO Driver where executing unsupported queries like PUT or GET on stages causes a signed-to-unsigned conversion error that crashes the application using the Driver. This vulnerability affects versions 0.2.0 through 3.0.3. Snowflake fixed the issue in version 3.1.0.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.4 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
GitHub_M	CNA	4.4 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Common Weakness Enumeration

CWE-195 - Signed to Unsigned Conversion Error
The software uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive.

References

https://github.com/snowflakedb/pdo_snowflake/security/advisories/GHSA-f8q2-7fv5-cg93