CVE-2025-46329
- Source
- https://cve.org/CVERecord?id=CVE-2025-46329
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46329.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-46329
- Aliases
-
- GHSA-jx4f-645p-wjpx
- Published
- 2025-04-29T04:35:49.431Z
- Modified
- 2026-04-12T16:30:24.285826Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs
- Details
-
libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. This issue has been patched in version 2.2.0.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-532" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/46xxx/CVE-2025-46329.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/46xxx/CVE-2025-46329.json
- https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-jx4f-645p-wjpx
- https://nvd.nist.gov/vuln/detail/CVE-2025-46329
- https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe
Affected packages
Git / github.com/snowflakedb/libsnowflakeclient
Affected versions
0.*
0.5.0
0.5.1
0.5.3
0.5.5
v0.*
v0.5.10
v0.5.11
v0.5.12
v0.5.13
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.13
v0.6.14
v0.6.15
v0.6.16
v0.6.17
v0.6.18
v0.6.19
v0.6.2
v0.6.20
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.9
v0.68
v1.*
v1.0.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.03
v1.1.0
v1.1.1
v2.*
v2.0.0
v2.1.0
Database specific
vanir_signatures_modified
"2026-04-12T16:30:24Z"
vanir_signatures
[
{
"id": "CVE-2025-46329-03870e2a",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"function": "test_retry_request_header",
"file": "tests/test_unit_retry_context.c"
},
"digest": {
"function_hash": "7942729025278559601436867588711858392",
"length": 1004.0
}
},
{
"id": "CVE-2025-46329-16844e89",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "tests/test_unit_retry_context.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"101328061680742617752614651807703361949",
"17143361940648208258999522292579487913",
"206643758478769055427197947010720373821",
"17957426890989422679351707868375993056",
"107652749563662363885001734873509686294",
"258283988202629953466742858814985364929",
"337587609785097680741638521613242538150",
"23731144201735133137484416925593997846",
"8650073874598151038085392519530055636",
"263695292231942312197971676174958564109",
"123656390772573888228161852040856440077",
"244802970463593475899654134913661683097",
"97245543661327512449711812627503700923",
"278096312454155384776616627341483716717",
"339924884405895951066009048408397341513",
"7553212789939367650186913435036411726",
"42338280551194517077963156027248801256",
"90936761224767222661938265505646589857",
"155223407888452615078908315843865440553",
"79572568684974074027817271273605779945",
"51101020832407310774854255447275245342",
"295038802031757904032390265258930326541",
"189908932658648608865007240460614871450",
"26935876843379994263500375811292434847",
"207974134454858919227392929893649009600",
"258135985606262039994996953906433771325",
"307813111706263875727902363235604497588",
"63415238913450340059942070487608256090",
"89727932069721883034828096331483560294",
"185121414144463546258716689331790416673",
"233482176486823370056156841759442639230",
"180999332051086124373888264201687013105",
"234064485362484298186650919534607532453",
"83804118529122683411617818591893765918",
"61314992623978173631333808231795491058"
]
}
},
{
"id": "CVE-2025-46329-33c87191",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "lib/connection.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"232034466885765531319523717453360075161",
"254656246049394545142018553930667226640",
"146386433393477722099986904513039493896",
"138256267430108001944168810908288621100"
]
}
},
{
"id": "CVE-2025-46329-34604110",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"function": "test_update_other_url_with_guid",
"file": "tests/test_unit_retry_context.c"
},
"digest": {
"function_hash": "111610238987876499610277287685017765771",
"length": 724.0
}
},
{
"id": "CVE-2025-46329-476bd381",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"function": "test_update_query_url_with_retry_reason_enabled",
"file": "tests/test_unit_retry_context.c"
},
"digest": {
"function_hash": "190843381804973661090945687611217183234",
"length": 1428.0
}
},
{
"id": "CVE-2025-46329-50e44166",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"function": "test_update_url_no_guid",
"file": "tests/test_unit_retry_context.c"
},
"digest": {
"function_hash": "128973286344782921015820496545833849079",
"length": 281.0
}
},
{
"id": "CVE-2025-46329-563c707b",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "cpp/logger/SecretDetector.cpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"31019124781283306429342651068617990891",
"262377743558545849628357335812034354245",
"269160878832848591857135168652314647146",
"126872064788656225748738087343539807342",
"43243993973562474304741334121108426204",
"60855332400514756419201508599045801219",
"303156960007487644973550318699930118781",
"108783760984318339539309126880823908935",
"125100045484038012028983404756036152779",
"48772263559209068288165575885549380399",
"8623840619725720163409125192908055104",
"45131071765675959752630854313291945567"
]
}
},
{
"id": "CVE-2025-46329-77661ba8",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "cpp/logger/SecretDetector.hpp"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"284372262497870971474161129263922166583",
"83994352865950396250217790537393456338",
"331898802250930456645993023028923780064",
"20741510778413691288018096819567928105",
"292766992402520477518601691783821906985",
"41430224875641117622141590382737092149",
"89907509617889021247804058364011268986",
"262702490169224392095133969306678576743"
]
}
},
{
"id": "CVE-2025-46329-7b7d92ad",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"function": "SecretDetector::maskSecrets",
"file": "cpp/logger/SecretDetector.cpp"
},
"digest": {
"function_hash": "296666552716889796519597926148404757973",
"length": 331.0
}
},
{
"id": "CVE-2025-46329-7dbb5687",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"function": "test_new_retry_strategy",
"file": "tests/test_unit_retry_context.c"
},
"digest": {
"function_hash": "104837237370342620945385507491188785699",
"length": 805.0
}
},
{
"id": "CVE-2025-46329-8c18176e",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"function": "is_retryable_http_code",
"file": "lib/connection.c"
},
"digest": {
"function_hash": "18229342626688855842229031361617960479",
"length": 180.0
}
},
{
"id": "CVE-2025-46329-8c8cab22",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"function": "test_mask_secret_log",
"file": "tests/test_unit_logger.c"
},
"digest": {
"function_hash": "159554474984148786967003142938350901825",
"length": 3206.0
}
},
{
"id": "CVE-2025-46329-9eeef3c7",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"function": "main",
"file": "tests/test_unit_retry_context.c"
},
"digest": {
"function_hash": "541812366406598158395501775391241195",
"length": 389.0
}
},
{
"id": "CVE-2025-46329-ae5b0fe9",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"function": "test_update_query_url_with_retry_reason_disabled",
"file": "tests/test_unit_retry_context.c"
},
"digest": {
"function_hash": "318290954067771798928514339029630339577",
"length": 1544.0
}
},
{
"id": "CVE-2025-46329-e6efc478",
"deprecated": false,
"source": "https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "tests/test_unit_logger.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"309191910202118010471463516134474410198",
"111235095408374731053660701661993661915",
"292321419152885930289387365742936118399",
"228137182897958721396664783804043253067"
]
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46329.json"