Snowflake PHP PDO Driver Signed-to-Unsigned Conversion Error Vulnerability Leading to Application Crash

Vulnerability

A vulnerability exists in the Snowflake PHP PDO Driver, specifically in versions 0.2.0 through 3.0.3. The issue arises when unsupported queries, such as PUT or GET operations on stages, are executed. The driver fails to properly handle the return value of these queries, misinterpreting an error code as the number of returned columns. This oversight leads to a signed-to-unsigned conversion error, causing a PHP runtime error that crashes the application using the driver. Snowflake has addressed this vulnerability in version 3.1.0.
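The bug class described above, as an added C illustration that is not the driver's own code: a signed return value that can carry an error code is stored as an unsigned column count, shown beside a version that checks the sign first. `stub_num_fields`, `ERR_UNSUPPORTED`, both `column_count_*` functions and the error value -1 are hypothetical and assumed for the example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical error code; the value -1 is an assumption. */
#define ERR_UNSUPPORTED (-1)

/* Hypothetical stand-in for a client-library call: returns the number of
 * result columns, or a negative error code for an unsupported statement
 * (the advisory names PUT and GET on stages). Not the driver's real API. */
static int64_t stub_num_fields(int supported, int64_t ncols) {
    return supported ? ncols : ERR_UNSUPPORTED;
}

/* Flawed pattern: the signed result goes straight into an unsigned count,
 * so an error code is read as an enormous number of columns. */
static uint64_t column_count_unchecked(int supported, int64_t ncols) {
    return (uint64_t)stub_num_fields(supported, ncols);
}

/* Hardened pattern: test the sign before converting and report the failure
 * out of band. Returns 0 on success, -1 on error; *out is 0 on error. */
static int column_count_checked(int supported, int64_t ncols, uint64_t *out) {
    int64_t rc = stub_num_fields(supported, ncols);
    *out = 0;
    if (rc < 0)
        return -1;
    *out = (uint64_t)rc;
    return 0;
}

int main(void) {
    uint64_t n;
    int rc;

    /* Unsupported statement: the unchecked path yields a bogus count. */
    printf("unchecked: %" PRIu64 "\n", column_count_unchecked(0, 3));

    /* The checked path surfaces the error and leaves the count at 0. */
    rc = column_count_checked(0, 3, &n);
    printf("checked: rc=%d count=%" PRIu64 "\n", rc, n);
    return 0;
}
```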

Impact

Exploitation of this vulnerability causes a PHP runtime error that crashes the application utilizing the Snowflake PHP PDO Driver.

Remediation

Users are advised to upgrade to version 3.1.0 of the Snowflake PHP PDO Driver, which addresses this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.