A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts can lead to inefficient regular expression complexity.
The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 5fb0a8a318a2ed87f4022a1f56e742424ba94052.
A patch should be applied to remediate this issue.
Attack Parameters
Attack Vector
Local
Нужен локальный доступ
Attack Complexity
Low
Легко эксплуатировать
Attack Requirements
None
Нет дополнительных условий
Privileges Required
Low
Нужны базовые права
User Interaction
None
Не нужно действие пользователя
Impact Assessment
Confidentiality
None
Нет утечки данных
Integrity
None
Нет модификации данных
Availability
Low
Частичное нарушение работы
CVSS Vector v4.0
Weakness Type (CWE)
References 8
https://github.com/snowflakedb/snowflake-jdbc/
cna@vuldb.com
https://github.com/snowflakedb/snowflake-jdbc/commit/5fb0a8a318a2ed87f4022a1f56…
cna@vuldb.com
https://github.com/snowflakedb/snowflake-jdbc/issues/2505
cna@vuldb.com
https://github.com/snowflakedb/snowflake-jdbc/issues/2505#issue-3951994646
cna@vuldb.com
https://snowflakecomputing.atlassian.net/browse/SNOW-3104251
cna@vuldb.com
https://vuldb.com/?ctiid.348035
cna@vuldb.com
https://vuldb.com/?id.348035
cna@vuldb.com
https://vuldb.com/?submit.760428
cna@vuldb.com