Denial of Service Vulnerability in SurrealDB by SurrealDB, Inc.
CVE-2024-58364

7.1HIGH

Key Information:

Vendor

Surrealdb

Status
Vendor
CVE Published:
18 July 2026

What is CVE-2024-58364?

SurrealDB versions prior to 1.2.1 are susceptible to an uncaught exception handling vulnerability during span rendering, specifically when parsing erroneous queries with line terminator characters. This allows authorized clients to send malformed queries that cause a panic in the span rendering code. As a result, the server may crash, leading to a denial of service. Implementing the latest version is crucial to mitigate this issue.

Affected Version(s)

surrealdb 0 < 1.2.1

surrealdb 1.2.1

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Cheyenne1025
.