Denial of Service Vulnerability in SurrealDB by SurrealDB Inc.
CVE-2024-58370
7.1HIGH
What is CVE-2024-58370?
SurrealDB versions prior to 1.1.0 are vulnerable to a Denial of Service attack due to inadequate enforcement of recursion depth limits when processing nested SurrealQL statements. Attackers with valid authorization can exploit this flaw by submitting intricate queries that exceed safe nesting levels, leading to stack overflow and potential server crashes. This vulnerability underscores the importance of reviewing and updating server configurations to safeguard against such attacks.
Affected Version(s)
surrealdb 0 < 1.1.0
surrealdb 1.1.0
