{"id":"CVE-2025-46329","summary":"Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs","details":"libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. This issue has been patched in version 2.2.0.","aliases":["GHSA-jx4f-645p-wjpx"],"modified":"2026-04-12T16:30:24.285826Z","published":"2025-04-29T04:35:49.431Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/46xxx/CVE-2025-46329.json","cwe_ids":["CWE-532"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/46xxx/CVE-2025-46329.json"},{"type":"ADVISORY","url":"https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-jx4f-645p-wjpx"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46329"},{"type":"FIX","url":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/snowflakedb/libsnowflakeclient","events":[{"introduced":"c71248101816d40e4a21daeb4b1c952c8fa37eec"},{"fixed":"3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe"}]}],"versions":["0.5.0","0.5.1","0.5.3","0.5.5","v0.5.10","v0.5.11","v0.5.12","v0.5.13","v0.5.6","v0.5.7","v0.5.8","v0.5.9","v0.6.1","v0.6.10","v0.6.11","v0.6.12","v0.6.13","v0.6.14","v0.6.15","v0.6.16","v0.6.17","v0.6.18","v0.6.19","v0.6.2","v0.6.20","v0.6.3","v0.6.4","v0.6.5","v0.6.6","v0.6.7","v0.6.9","v0.68","v1.0.0","v1.0.1","v1.0.10","v1.0.11","v1.0.12","v1.0.13","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.0.9","v1.03","v1.1.0","v1.1.1","v2.0.0","v2.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46329.json","vanir_signatures_modified":"2026-04-12T16:30:24Z","vanir_signatures":[{"target":{"file":"tests/test_unit_retry_context.c","function":"test_retry_request_header"},"digest":{"length":1004,"function_hash":"7942729025278559601436867588711858392"},"id":"CVE-2025-46329-03870e2a","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Function","deprecated":false},{"target":{"file":"tests/test_unit_retry_context.c"},"digest":{"threshold":0.9,"line_hashes":["101328061680742617752614651807703361949","17143361940648208258999522292579487913","206643758478769055427197947010720373821","17957426890989422679351707868375993056","107652749563662363885001734873509686294","258283988202629953466742858814985364929","337587609785097680741638521613242538150","23731144201735133137484416925593997846","8650073874598151038085392519530055636","263695292231942312197971676174958564109","123656390772573888228161852040856440077","244802970463593475899654134913661683097","97245543661327512449711812627503700923","278096312454155384776616627341483716717","339924884405895951066009048408397341513","7553212789939367650186913435036411726","42338280551194517077963156027248801256","90936761224767222661938265505646589857","155223407888452615078908315843865440553","79572568684974074027817271273605779945","51101020832407310774854255447275245342","295038802031757904032390265258930326541","189908932658648608865007240460614871450","26935876843379994263500375811292434847","207974134454858919227392929893649009600","258135985606262039994996953906433771325","307813111706263875727902363235604497588","63415238913450340059942070487608256090","89727932069721883034828096331483560294","185121414144463546258716689331790416673","233482176486823370056156841759442639230","180999332051086124373888264201687013105","234064485362484298186650919534607532453","83804118529122683411617818591893765918","61314992623978173631333808231795491058"]},"id":"CVE-2025-46329-16844e89","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Line","deprecated":false},{"target":{"file":"lib/connection.c"},"digest":{"threshold":0.9,"line_hashes":["232034466885765531319523717453360075161","254656246049394545142018553930667226640","146386433393477722099986904513039493896","138256267430108001944168810908288621100"]},"id":"CVE-2025-46329-33c87191","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Line","deprecated":false},{"target":{"file":"tests/test_unit_retry_context.c","function":"test_update_other_url_with_guid"},"digest":{"length":724,"function_hash":"111610238987876499610277287685017765771"},"id":"CVE-2025-46329-34604110","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Function","deprecated":false},{"target":{"file":"tests/test_unit_retry_context.c","function":"test_update_query_url_with_retry_reason_enabled"},"digest":{"length":1428,"function_hash":"190843381804973661090945687611217183234"},"id":"CVE-2025-46329-476bd381","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Function","deprecated":false},{"target":{"file":"tests/test_unit_retry_context.c","function":"test_update_url_no_guid"},"digest":{"length":281,"function_hash":"128973286344782921015820496545833849079"},"id":"CVE-2025-46329-50e44166","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Function","deprecated":false},{"target":{"file":"cpp/logger/SecretDetector.cpp"},"digest":{"threshold":0.9,"line_hashes":["31019124781283306429342651068617990891","262377743558545849628357335812034354245","269160878832848591857135168652314647146","126872064788656225748738087343539807342","43243993973562474304741334121108426204","60855332400514756419201508599045801219","303156960007487644973550318699930118781","108783760984318339539309126880823908935","125100045484038012028983404756036152779","48772263559209068288165575885549380399","8623840619725720163409125192908055104","45131071765675959752630854313291945567"]},"id":"CVE-2025-46329-563c707b","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Line","deprecated":false},{"target":{"file":"cpp/logger/SecretDetector.hpp"},"digest":{"threshold":0.9,"line_hashes":["284372262497870971474161129263922166583","83994352865950396250217790537393456338","331898802250930456645993023028923780064","20741510778413691288018096819567928105","292766992402520477518601691783821906985","41430224875641117622141590382737092149","89907509617889021247804058364011268986","262702490169224392095133969306678576743"]},"id":"CVE-2025-46329-77661ba8","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Line","deprecated":false},{"target":{"file":"cpp/logger/SecretDetector.cpp","function":"SecretDetector::maskSecrets"},"digest":{"length":331,"function_hash":"296666552716889796519597926148404757973"},"id":"CVE-2025-46329-7b7d92ad","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Function","deprecated":false},{"target":{"file":"tests/test_unit_retry_context.c","function":"test_new_retry_strategy"},"digest":{"length":805,"function_hash":"104837237370342620945385507491188785699"},"id":"CVE-2025-46329-7dbb5687","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Function","deprecated":false},{"target":{"file":"lib/connection.c","function":"is_retryable_http_code"},"digest":{"length":180,"function_hash":"18229342626688855842229031361617960479"},"id":"CVE-2025-46329-8c18176e","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Function","deprecated":false},{"target":{"file":"tests/test_unit_logger.c","function":"test_mask_secret_log"},"digest":{"length":3206,"function_hash":"159554474984148786967003142938350901825"},"id":"CVE-2025-46329-8c8cab22","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Function","deprecated":false},{"target":{"file":"tests/test_unit_retry_context.c","function":"main"},"digest":{"length":389,"function_hash":"541812366406598158395501775391241195"},"id":"CVE-2025-46329-9eeef3c7","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Function","deprecated":false},{"target":{"file":"tests/test_unit_retry_context.c","function":"test_update_query_url_with_retry_reason_disabled"},"digest":{"length":1544,"function_hash":"318290954067771798928514339029630339577"},"id":"CVE-2025-46329-ae5b0fe9","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Function","deprecated":false},{"target":{"file":"tests/test_unit_logger.c"},"digest":{"threshold":0.9,"line_hashes":["309191910202118010471463516134474410198","111235095408374731053660701661993661915","292321419152885930289387365742936118399","228137182897958721396664783804043253067"]},"id":"CVE-2025-46329-e6efc478","signature_version":"v1","source":"https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe","signature_type":"Line","deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}