Back to overview

CVE-2024-58370

MEDIUM
6.5
CVSS 3.1
Description
SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server.

Metadata

CVE ID
CVE-2024-58370
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-07-18 12:40 UTC
Published
2026-07-18 13:10 UTC
Last updated
2026-07-18 13:10 UTC
Primary CWE
CWE-674
Uncontrolled Recursion
Vendor / Product
surrealdb / surrealdb
Sources
cve.org  ·  NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products (1)
VendorProductPlatformVersions
surrealdb surrealdb 0 < 1.1.0, 1.1.0
Weakness (CWE)
CWESourceDescription
CWE-674 cna Uncontrolled Recursion
CVSS scores (2)
ScoreSeverityVersionSourceVector
7.1 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.5 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References (2)
Back to overview