CVE-2022-42965

Severity: High | CVSS 7.5
No Exploit

Plain English Summary

AI-powered analysis for quick understanding

A specially crafted string passed to the undocumented get_file_transfer_type method of the Snowflake Python connector (the snowflake-connector-python package) makes a regular expression backtrack exponentially. The match never finishes in practical time, the calling thread is pinned at 100% CPU, and the application becomes unresponsive: a denial of service with no impact on confidentiality or integrity. The attacker needs some way to get their input into that method; because it is undocumented, that typically means controlling statement text that the application hands to the connector, so whether a given deployment is exposed depends on whether untrusted input can reach it.

Technical Description

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method.
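The following is an added example, not code from the page or from snowflake-connector-python, and it does not reproduce the package's actual regex. It uses a hypothetical statement classifier in the same spirit (decide whether a statement starts with put or get) to show why a nested quantifier such as (\s+)* backtracks exponentially when the match fails, how the equivalent unnested pattern fails in linear time, and how to measure the difference. EVIL_RE, SAFE_RE, classify and attacker_input are names invented for this example; the hostile inputs are constructed.

```python
"""Exponential ReDoS in a statement classifier: illustrative example only.

The patterns below are constructed stand-ins, not the regex from
snowflake-connector-python. They show the shape of the bug (a nested
quantifier) and the shape of the fix (one unnested quantifier).
"""
import re
import time
from typing import Optional

# Hypothetical vulnerable pattern. (\s+)* can split a run of n spaces into
# non-empty pieces in 2^(n-1) ways, and when (put|get) then fails the
# engine tries every one of them before reporting no match.
EVIL_RE = re.compile(r"^(\s+)*(?P<kind>put|get)\b", re.IGNORECASE)

# Hardened equivalent. \s* matches a whitespace run in exactly one way,
# so a failing match costs O(n) and an attacker gains nothing from length.
SAFE_RE = re.compile(r"^\s*(?P<kind>put|get)\b", re.IGNORECASE)


def classify(sql: str, pattern: re.Pattern = SAFE_RE) -> Optional[str]:
    """Return "put", "get" or None for the file-transfer kind of a statement."""
    m = pattern.match(sql)
    return m.group("kind").lower() if m else None


def attacker_input(n: int) -> str:
    """Constructed hostile statement: n spaces followed by a non-matching word.

    The trailing word guarantees the final alternation fails, which is what
    forces the engine into the exponential backtracking on the prefix.
    """
    return " " * n + "select 1"


def time_match(pattern: re.Pattern, text: str) -> float:
    """Wall-clock seconds for a single match attempt."""
    start = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - start


def growth_ratio(pattern: re.Pattern, n: int) -> float:
    """Ratio of match time for n+1 spaces to n spaces.

    A ratio that stays close to 2 as n grows is the signature of exponential
    backtracking; a pattern that is linear in the input hovers around 1.
    """
    slow = time_match(pattern, attacker_input(n + 1))
    fast = time_match(pattern, attacker_input(n))
    return slow / max(fast, 1e-9)


if __name__ == "__main__":
    # Kept deliberately small: each extra space roughly doubles EVIL_RE's time.
    for n in range(12, 19):
        print(
            f"n={n:2d} spaces  evil={time_match(EVIL_RE, attacker_input(n)):8.4f}s"
            f"  safe={time_match(SAFE_RE, attacker_input(n)):9.6f}s"
        )
    print("safe pattern, 200000 spaces:",
          f"{time_match(SAFE_RE, attacker_input(200_000)):.6f}s")
```

Two caveats for anyone triaging this class of bug: Python's built-in re module has no timeout, so a slow match cannot be interrupted from inside the process, and the rating of "Attack Vector: Network, Privileges Required: None" assumes the attacker already controls the string. The durable fix is to remove the nested quantifier or ambiguous alternation from the pattern; bounding the length of what reaches the regex is only a mitigation.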

CVSS Vector Analysis

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Scope: Unchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Est. Bounty: $2,053 ($1K-$5K)
Vendor Response: Grade F (patched in 1212 days)

Quick Information

Published: Nov 9, 2022
Last Modified: Mar 6, 2026

Vendor: snowflake
Product: snowflake connector