CVE-2024-58369 PUBLISHED

SurrealDB before 1.1.1 Denial of Service via Global Parameters

Assigner: VulnCheck
Reserved: 18.07.2026 Published: 18.07.2026 Updated: 18.07.2026

SurrealDB versions before 1.1.1 fail to properly validate invocation of custom parameters and functions at root or namespace levels, causing server panic. Authorized clients can invoke these entities at unsupported levels to crash the SurrealDB server, resulting in denial of service.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score: 7.1

Product Status

Vendor surrealdb
Product surrealdb
Versions Default: unaffected
  • affected from 0 to 1.1.1 (excl.)
  • Version 1.1.1 is unaffected

Credits

  • Tu0Laj1 reporter
  • jabis reporter

References

Problem Types

  • Uncaught Exception CWE