CVE-2024-58365
Received Received - Intake

SurrealDB Query Executor Uncaught Exception Leading to Server Crash

Vulnerability report for CVE-2024-58365, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: VulnCheck

Description

SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-18
AI Q&A
2026-07-18
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
surrealdb surrealdb to 1.2.0 (exc)
surrealdb surrealdb 1.1.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-248 An exception is thrown from a function, but it is not caught.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects SurrealDB versions before 1.2.0. It allows authorized clients to send pre-parsed queries that call nonexistent built-in functions. This triggers an uncaught exception in the query executor, causing the server to panic and crash, resulting in a denial-of-service (DoS) condition.

Detection Guidance

Monitor SurrealDB server logs for crashes or panics triggered by queries containing calls to nonexistent functions. Check for repeated server restarts or abnormal termination events in system logs.

Impact Analysis

The impact includes server crashes, leading to downtime and loss of service availability. Authorized users could exploit this to disrupt database operations. The vulnerability has a medium severity with high availability impact according to CVSS scores.

Compliance Impact

This vulnerability primarily causes a denial-of-service (DoS) condition by crashing the SurrealDB server, which could lead to prolonged downtime and potential data unavailability. For GDPR, this may impact the right to access or rectify data if systems are unavailable. HIPAA requires availability of ePHI; a DoS could disrupt access, potentially violating this requirement.

Mitigation Strategies
  • Upgrade SurrealDB to version 1.2.0 or later to patch the vulnerability.
  • Restrict query execution permissions for untrusted users to limit potential attack vectors.
  • Configure the SurrealDB process to auto-restart after crashes to minimize downtime.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-58365. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart