CVE-2024-58369
Received Received - Intake

SurrealDB Server Panic via Custom Parameter Invocation Before 1.1.1

Vulnerability report for CVE-2024-58369, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: VulnCheck

Description

SurrealDB versions before 1.1.1 fail to properly validate invocation of custom parameters and functions at root or namespace levels, causing server panic. Authorized clients can invoke these entities at unsupported levels to crash the SurrealDB server, resulting in denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-18
AI Q&A
2026-07-18
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
surrealdb surrealdb to 1.1.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-248 An exception is thrown from a function, but it is not caught.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

SurrealDB versions before 1.1.1 fail to validate custom parameters and functions at root or namespace levels. Authorized clients can invoke these entities at unsupported levels, causing the server to panic and crash, resulting in a denial of service.

Detection Guidance

To detect this vulnerability, check the version of SurrealDB running on your system. Run the command 'surreal version' or inspect the server logs for version information. If the version is below 1.1.1, the system is vulnerable.

Impact Analysis

This vulnerability allows authorized users to crash the SurrealDB server by invoking unsupported custom parameters or functions. The server downtime disrupts database operations, leading to service unavailability for all users.

Compliance Impact

This vulnerability primarily impacts availability by causing server crashes, which could lead to prolonged downtime for systems processing sensitive data. For GDPR, this may affect the right to access or rectify data if services are unavailable. HIPAA requires timely access to protected health information; a DoS could disrupt this, potentially violating compliance.

Mitigation Strategies

Immediately update SurrealDB to version 1.1.1 or later. If updating is not possible, restrict untrusted users from running arbitrary SurrealQL queries at root or namespace levels. Configure the SurrealDB process to auto-restart after a crash to minimize downtime.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-58369. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart