Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-8655-xgh5-5vvq: fast-fault has a segmentation fault due to lack of bound check

In this case, the "fast_float::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses invalid memory address when it takes an empty string as its input. This approach violates Rust’s memory safety guarantees, as it can lead to invalid memory access if empty buffer is provided. No patched version for fast-float crate has been released, but a patch is available in the fast-float2 fork.

ghsa
GHSA-jqcp-xc3v-f446: fast-float2 has a segmentation fault due to lack of bound check

In this case, the "fast_float2::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses invalid memory address when it takes an empty string as its input. This approach violates Rust’s memory safety guarantees, as it can lead to invalid memory access if empty buffer is provided.

#vulnerability#web#git
GHSA-2mqw-rq5m-8hc8: Snowflake.Data has weak temporary files permissions

### Issue Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0. ### Vulnerability Details When downloading files from stages, the Snowflake Connector for .NET uses the OS temporary directory to save files before copying them to the destination directory. The files in the temporary directory, which are removed once the write to the destination directory concludes, have world-readable permissions on Linux and macOS. This could allow any user on the local machine to access them during their limited lifetime. ### Solution Snowflake released version 4.3.0 of the Snowflake Connector for .NET, which fixes this issue. We recommend users upgrade to version 4.3.0. ### Additional...

GHSA-2vpq-fh52-j3wv: snowflake-connector-python vulnerable to SQL Injection in write_pandas

### Issue Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This vulnerability affects versions 2.2.5 through 3.13.0. Snowflake fixed the issue in version 3.13.1. ### Vulnerability Details A function from the snowflake.connector.pandas_tools module is not sanitizing all of its arguments, and queries using them are not parametrized. An attacker controlling these arguments could achieve SQL injection by passing crafted input. Any SQL executed that way by an attacker would still run in the context of the current session. ### Solution Snowflake released version 3.13.1 of the Snowflake Connector for Python, which fixes this issue. We recommend users upgrade to version 3.13.1. ### Additional Information If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our [Vul...

GHSA-m4f6-vcj4-w5mx: snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache

### Issue Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue in version 3.13.1. ### Vulnerability Details The OCSP response cache is saved locally on the machine running the Connector using the pickle serialization format. This can potentially lead to local privilege escalation if an attacker has write access to the OCSP response cache file. ### Solution Snowflake released version 3.13.1 of the Snowflake Connector for Python, which fixes this issue. We recommend users upgrade to version 3.13.1. ### Additional Information If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our [Vulnerability Disclosure Policy](https://hackerone.com/snowflake?type=team)...

GHSA-r2x6-cjg7-8r43: snowflake-connector-python vulnerable to insecure cache files permissions

### Issue Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3.13.1. ### Vulnerability Details On Linux, when either EXTERNALBROWSER or USERNAME_PASSWORD_MFA authentication methods are used with temporary credential caching enabled, the Snowflake Connector for Python will cache the temporary credentials in a local file. In the vulnerable versions of the Driver, this file is created with world-readable permissions. ### Solution Snowflake released version 3.13.1 of the Snowflake Connector for Python, which fixes this issue. We recommend users upgrade to version 3.13.1. ### Additional Information If you discover a security vulnerability in one of our products or websites, please report the...

GHSA-hcr5-wv4p-h2g2: kube-audit-rest's example logging configuration could disclose secret values in the audit log

### Impact If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. ### Patches The example has been updated to fix this in commit db1aa5b867256b0a7bf206544c6981ab068b73dc ### Workarounds Replace ```yaml if .request.requestKind.kind == "Secret" { del(.request.object.data) .request.object.data.redacted = "REDACTED" del(.request.oldObject.data) .request.oldObject.data.redacted = "REDACTED" } ``` In the vector "audit-files-json-parser-and-redaction" step with ```yaml if .request.requestKind.kind == "Secret" { # Redact the secret data del(.request.object.data) .request.object.data.redacted = "REDACTED" del(.request.oldObject.data) .request.oldObject.data.redacted = "REDACTED" # Remove the previously set secret data - N...

GHSA-29qp-crvh-w22m: github.com/hashicorp/yamux's DefaultConfig has dangerous defaults causing hung Read

The default values for Session.config.KeepAliveInterval and Session.config.ConnectionWriteTimeout of 30s and 10s create the possibility for timed out writes that most aren't handling in their readers. Calls to Stream.Read on one side of a connection will hang until the underlying Session is closed if the corresponding Stream.Write call on the other side it's waiting for returns with ErrConnectionWriteTimeout. This happens in the case of network congestion between the two sides. If you keep Session.sendCh full (fixed capacity of 64) for ConnectionWriteTimeout, but for less than the KeepAliveInterval + ConnectionWriteTimeout (which would kill the Session), Stream.Write will return ErrConnectionWriteTimeout. The state of the underlying Session or Stream is not modified. When this happens, the other side's Stream.Read call that's waiting for that write will never return because there's no timeout for this edge-case. Since no keep alive timed out, you can continue to use the Session once...

GHSA-xfhv-wqj6-rx99: snowflake-sdk may incorrectly validate temporary credential cache file permissions

### Issue Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2. ### Vulnerability Details On Linux, when either EXTERNALBROWSER or USERNAME_PASSWORD_MFA authentication methods are used with temporary credential caching enabled, the Snowflake NodeJS Driver will cache temporary credentials in a local file. Due to a bug, the check verifying that the cache file can be accessed only by the user running the Driver always succeeded, but didn’t verify the permissions or the ownership correctly. An attacker with write access to the local cache folder could plant an empty file there and the Driver would use it to store temporary credentials instead of rejecting it due to overly broad permissions. ### Solution Snowflak...

GHSA-33g6-495w-v8j2: Snowflake JDBC uses insecure temporary credential cache file permissions

### Issue Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 3.6.8 through 3.21.0. Snowflake fixed the issue in version 3.22.0. ### Vulnerability Details On Linux, when either EXTERNALBROWSER or USERNAME_PASSWORD_MFA authentication methods are used with temporary credential caching enabled, the Snowflake JDBC Driver will cache temporary credentials in a local file. In the vulnerable versions of the Driver, this file is created with world-readable permissions. ### Solution Snowflake released version 3.22.0 of the Snowflake JDBC Driver, which fixes this issue. We recommend users upgrade to version 3.22.0. ### Additional Information If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more informatio...