Skip to content

USA Variation

Snowflake's annual user conference is returning to San Francisco. Register today and save on a full conference pass.

sign up now
security hub
overview
security bulletins
compliance center
trust center
All bulletins

Snowflake PHP PDO Driver Crash on Unsupported PUT/GET Queries

Publication date: 2025-01-29

CVE ID

  • CVE-2025-24792 - Executing unsupported PUT or GET queries on stages causes a signed-to-unsigned conversion error that crashes the application.

CWE ID

  • CWE-195 (Signed to Unsigned Conversion Error)

CPEs

  • Not yet assigned (Awaiting NVD Analysis)

Affected versions:

  • 0.2.0 through 3.0.3

Patched versions:

  • 3.1.0

Description:

  • Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (PDO) extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO Driver where executing unsupported queries like PUT or GET on stages causes a signed-to-unsigned conversion error that crashes the application using the Driver. This vulnerability affects versions 0.2.0 through 3.0.3. Snowflake fixed the issue in version 3.1.0.

Resolution:

Upgrade to Snowflake PHP PDO Driver version 3.1.0 or later.

Where Data Does More

  • 30-day free trial
  • No credit card required
  • Cancel anytime 
start for free
watch a demo