Platform
java
Component
net.snowflake:snowflake-jdbc
Fixed in
4.0.1
4.0.2
4.0.2
A weakness has been identified in Snowflake JDBC Driver versions up to 4.0.1. This vulnerability affects the SdkProxyRoutePlanner function within the JDBC URL Handler component, specifically the handling of the nonProxyHosts argument. Successful exploitation results in inefficient regular expression complexity, potentially impacting system resources. A patch is available to address this issue.
The vulnerability lies in the way the Snowflake JDBC Driver handles the nonProxyHosts argument within the SdkProxyRoutePlanner function. An attacker, operating locally, can craft a malicious input that triggers an inefficient regular expression. This can lead to excessive CPU usage and potentially denial of service, as the system struggles to process the complex regex. While the impact is considered LOW due to the local execution requirement, the potential for resource exhaustion warrants prompt remediation. The availability of a public exploit increases the risk of exploitation.
The exploit for CVE-2026-3293 has been publicly released, increasing the likelihood of exploitation. The vulnerability is considered LOW severity based on its CVSS score and the requirement for local execution. It is not currently listed on the CISA KEV catalog. Active campaigns targeting this specific vulnerability are not currently known, but the public availability of the exploit warrants vigilance.
Organizations utilizing Snowflake JDBC Driver versions 4.0.1 and earlier are at risk. This includes applications directly interacting with Snowflake databases using the JDBC driver, particularly those with local access to the driver's execution environment. Shared hosting environments where multiple applications share the same JDBC driver instance are also at increased risk.
• java / application: Monitor CPU usage and memory consumption of the Snowflake JDBC Driver process. Look for unusual spikes that correlate with JDBC connection activity.
```
ps aux | grep snowflake-jdbc | awk '{print $3, $4}'
```
• java / application: Analyze application logs for errors related to regular expression processing or JDBC connection failures.
• generic web: If the JDBC driver is used in a web application, monitor web server logs for unusual patterns or errors related to JDBC connections.
• database (mysql, redis, mongodb, postgresql): While not directly impacting these databases, monitor the Snowflake instance for increased resource usage that might be triggered by malicious JDBC connections.
disclosure
Exploit Status
EPSS
0.01% (percentile 1%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-3293 is to upgrade to a patched version of the Snowflake JDBC Driver. The patch identifier is 5fb0a8a318a2ed87f4022a1f56e742424ba94052. Before upgrading, assess the potential impact on existing applications and consider a staged rollout. If an immediate upgrade is not feasible, consider implementing input validation on the nonProxyHosts parameter to restrict the complexity of the provided values. After upgrade, confirm the fix by attempting to trigger the vulnerable function with a complex nonProxyHosts value and verifying that it does not result in excessive resource consumption.
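One way to apply the input-validation workaround described above, as an added example that is not Snowflake's code or part of the original advisory. It assumes nonProxyHosts is a pipe-separated list of host patterns with `*` wildcards; the class name `NonProxyHostsValidator` and all limits are hypothetical.

```java
import java.util.List;

// Added example: pre-validation of a nonProxyHosts value before it reaches the driver.
// All limits below are assumptions chosen for illustration, not values from Snowflake.
public final class NonProxyHostsValidator {
    static final int MAX_TOTAL_LENGTH = 1024; // assumed cap on the whole value
    static final int MAX_ENTRIES = 32;        // assumed cap on '|'-separated patterns
    static final int MAX_ENTRY_LENGTH = 253;  // maximum length of a DNS name
    static final int MAX_WILDCARDS = 2;       // assumed cap on '*' per pattern

    /** Returns true only if the value is a short list of simple host patterns. */
    public static boolean isAcceptable(String value) {
        if (value == null || value.isEmpty() || value.length() > MAX_TOTAL_LENGTH) {
            return false;
        }
        String[] entries = value.split("\\|", -1); // -1 keeps empty entries so they are rejected
        if (entries.length > MAX_ENTRIES) {
            return false;
        }
        for (String entry : entries) {
            if (entry.isEmpty() || entry.length() > MAX_ENTRY_LENGTH) {
                return false;
            }
            int wildcards = 0;
            for (int i = 0; i < entry.length(); i++) {
                char c = entry.charAt(i);
                if (c == '*') {
                    if (++wildcards > MAX_WILDCARDS) return false;
                } else if (!isHostChar(c)) {
                    return false; // rejects regex metacharacters such as ( ) + ? [ ] { } \
                }
            }
        }
        return true;
    }

    private static boolean isHostChar(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
            || (c >= '0' && c <= '9') || c == '.' || c == '-';
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the advisory.
        for (String v : List.of("localhost|*.internal.example.com", "10.0.0.*|db-1.example.com",
                                "bad(host)+", "*.*.*.*.example.com", "host||other")) {
            System.out.println(isAcceptable(v) ? "accept " + v : "reject " + v);
        }
    }
}
```

This allow-list also rejects IPv6 literals and underscores; widen `isHostChar` if your environment needs them.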
Update the snowflake-jdbc library to a version later than 4.0.1 that contains the fix for the ReDoS vulnerability in the SdkProxyRoutePlanner function. See the snowflake-jdbc release notes for more details on the update.
CVE-2026-3293 is a LOW severity vulnerability in Snowflake JDBC Driver versions up to 4.0.1. It allows manipulation of the nonProxyHosts argument to cause inefficient regular expression complexity, potentially leading to resource exhaustion.
Yes, if you are using Snowflake JDBC Driver version 4.0.1 or earlier, you are potentially affected by this vulnerability. Upgrade to the patched version to mitigate the risk.
Upgrade to a patched version of Snowflake JDBC Driver with patch identifier 5fb0a8a318a2ed87f4022a1f56e742424ba94052. Consider input validation as a temporary workaround.
While active campaigns are not currently known, a public exploit is available, increasing the risk of exploitation. Vigilance and prompt patching are recommended.
Refer to the Snowflake security advisories page for the latest information and official guidance regarding CVE-2026-3293: [https://security.snowflake.com/](https://security.snowflake.com/)