SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute… (CVE-2024-58370)
SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server.
AI Analysis
Technical Summary
CVE-2024-58370 affects SurrealDB versions prior to 1.1.0 by failing to enforce recursion depth limits during the parsing of nested SurrealQL statements. This flaw allows authorized attackers to submit deeply nested queries that trigger a stack overflow, resulting in a denial of service via server crash. The vulnerability is categorized under CWE-674 (Improper Control of a Resource Through its Lifetime). There is no indication of known exploits in the wild or vendor-provided patches at this time.
Potential Impact
Exploitation of this vulnerability can cause a denial of service by crashing the SurrealDB server through stack overflow. Only authorized attackers can exploit this issue by submitting specially crafted queries with excessive nesting depth. There is no evidence of remote code execution or data breach from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, limit query complexity and nesting depth where possible and monitor for abnormal query patterns from authorized users to reduce risk.
SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute… (CVE-2024-58370)
Description
SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server.
CVSS v4.0
Affected software
pkg:github/surrealdb/surrealdbRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-58370 affects SurrealDB versions prior to 1.1.0 by failing to enforce recursion depth limits during the parsing of nested SurrealQL statements. This flaw allows authorized attackers to submit deeply nested queries that trigger a stack overflow, resulting in a denial of service via server crash. The vulnerability is categorized under CWE-674 (Improper Control of a Resource Through its Lifetime). There is no indication of known exploits in the wild or vendor-provided patches at this time.
Potential Impact
Exploitation of this vulnerability can cause a denial of service by crashing the SurrealDB server through stack overflow. Only authorized attackers can exploit this issue by submitting specially crafted queries with excessive nesting depth. There is no evidence of remote code execution or data breach from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, limit query complexity and nesting depth where possible and monitor for abnormal query patterns from authorized users to reduce risk.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-qv48-pw56-mwc4
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2024-58370"]
- Ecosystems
- []
- Database Specific Severity
- HIGH
- Cvss Version
- 4.0
Threat ID: 6a5ba17e44ab8fbf7c789b87
Added to database: 07/18/2026, 15:53:34 UTC
Last enriched: 07/18/2026, 16:21:53 UTC
Last updated: 07/18/2026, 20:11:48 UTC
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.