CVE-2024-58364
Received Received - Intake

SurrealDB Query Parsing Panic Leading to DoS

Vulnerability report for CVE-2024-58364, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: VulnCheck

Description

SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span rendering when parsing queries with errors on line terminator characters. Authorized clients can submit malformed queries that trigger a panic in the span rendering code, crashing the server and causing denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-18
AI Q&A
2026-07-18
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
surrealdb surrealdb to 1.2.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-248 An exception is thrown from a function, but it is not caught.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

SurrealDB versions before 1.2.1 have a flaw where malformed queries with line terminator characters cause an uncaught exception during span rendering. This triggers a server panic, crashing the system and leading to a denial of service. Authorized clients can exploit this by submitting such queries.

Detection Guidance

To detect this vulnerability, monitor SurrealDB server logs for crashes or panics during query processing. Check for malformed queries containing line terminator characters. Ensure your SurrealDB version is updated to 1.2.1 or later to avoid this issue.

Impact Analysis

This vulnerability allows authorized users to crash the SurrealDB server by sending specially crafted queries. This results in service disruption, as the server becomes unavailable until restarted. It does not lead to data breaches or unauthorized access but causes downtime.

Compliance Impact

This vulnerability primarily causes denial of service by crashing the SurrealDB server through malformed queries. It does not directly impact data confidentiality or integrity, which are key concerns for GDPR and HIPAA. However, prolonged downtime could disrupt access to personal or health data, potentially violating availability requirements under these regulations.

Mitigation Strategies

Immediately upgrade SurrealDB to version 1.2.1 or later. If upgrading is not possible, restrict untrusted query execution and configure automatic process restart after crashes to mitigate denial of service.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-58364. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart