CVE-2024-58361
Received
Received - Intake
SurrealDB Parser Error Handling Denial of Service
Vulnerability report for CVE-2024-58361, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-18
Last updated on: 2026-07-18
Assigner: VulnCheck
Description
Description
SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error rendering, crashing the server.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| surrealdb | surrealdb | to 2.0.4 (exc) |
| surrealdb | surrealdb | 2.0.0 |
| surrealdb | surrealdb | 2.0.1 |
| surrealdb | surrealdb | 2.0.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-248 | An exception is thrown from a function, but it is not caught. |