{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/surrealdb--1.1.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2024-58368"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["SurrealDB (\u003c 1.1.0)"],"_cs_severities":["low"],"_cs_tags":["denial-of-service","web-vulnerability","database","http-api","cve"],"_cs_type":"advisory","_cs_vendors":["SurrealDB"],"content_html":"\u003cp\u003eSurrealDB versions before 1.1.0 are vulnerable to a denial-of-service (DoS) attack identified as CVE-2024-58368, with a CVSS v3.1 base score of 7.5. Unauthenticated attackers can exploit this vulnerability by sending specially crafted HTTP REST API requests. The core issue lies in the improper parsing of the \u003ccode\u003eID\u003c/code\u003e, \u003ccode\u003eDB\u003c/code\u003e, and \u003ccode\u003eNS\u003c/code\u003e headers when these headers contain specific special characters. This malformation triggers an uncaught exception within the SurrealDB server process, causing it to crash unexpectedly. This leads to the unavailability of the database service, impacting any applications or users relying on it. Organizations running affected SurrealDB instances should prioritize patching to mitigate this availability risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a vulnerable SurrealDB instance (version prior to 1.1.0) exposed via its HTTP REST API.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts an HTTP POST or PUT request targeting any SurrealDB REST API endpoint (e.g., \u003ccode\u003e/sql\u003c/code\u003e or \u003ccode\u003e/key\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe crafted request includes one or more of the \u003ccode\u003eID\u003c/code\u003e, \u003ccode\u003eDB\u003c/code\u003e, or \u003ccode\u003eNS\u003c/code\u003e HTTP headers with values containing specially chosen malformed or \u0026quot;special\u0026quot; characters.\u003c/li\u003e\n\u003cli\u003eThe vulnerable SurrealDB server receives the malicious HTTP request.\u003c/li\u003e\n\u003cli\u003eDuring the processing and parsing of the HTTP headers, the server encounters the malformed characters in the \u003ccode\u003eID\u003c/code\u003e, \u003ccode\u003eDB\u003c/code\u003e, or \u003ccode\u003eNS\u003c/code\u003e fields.\u003c/li\u003e\n\u003cli\u003eThe improper parsing logic within SurrealDB fails to handle these characters gracefully, leading to an uncaught exception.\u003c/li\u003e\n\u003cli\u003eThis uncaught exception causes the SurrealDB server process to terminate unexpectedly, resulting in a crash.\u003c/li\u003e\n\u003cli\u003eThe SurrealDB service becomes unavailable, effectively causing a denial-of-service condition for all legitimate users and applications.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2024-58368 leads directly to a denial-of-service (DoS) condition for the affected SurrealDB instance. This means that the database server will crash and become unresponsive, rendering any applications or services dependent on it inoperable. While no data integrity or confidentiality issues are reported with this specific vulnerability, the sustained unavailability of a critical database service can lead to significant operational disruptions, financial losses, and reputational damage. The impact affects all users and processes attempting to interact with the compromised SurrealDB instance.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch SurrealDB instances to version 1.1.0 or newer immediately to mitigate CVE-2024-58368.\u003c/li\u003e\n\u003cli\u003eImplement robust monitoring of web server access logs and SurrealDB application logs for signs of unexpected server crashes or restarts.\u003c/li\u003e\n\u003cli\u003eConfigure web application firewalls (WAFs) or API gateways to inspect incoming HTTP requests for anomalous character patterns or malformed values within custom HTTP headers like \u003ccode\u003eID\u003c/code\u003e, \u003ccode\u003eDB\u003c/code\u003e, and \u003ccode\u003eNS\u003c/code\u003e targeting SurrealDB.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-18T14:21:36Z","date_published":"2026-07-18T14:21:36Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2024-58368-surrealdb-dos/","summary":"Unauthenticated attackers can exploit CVE-2024-58368 in SurrealDB versions prior to 1.1.0 by sending crafted HTTP REST API requests with malformed ID, DB, or NS headers, leading to an uncaught exception and server crash, resulting in denial of service.","title":"CVE-2024-58368: SurrealDB Denial-of-Service via Malformed HTTP Headers","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2024-58368-surrealdb-dos/"}],"language":"en","title":"CraftedSignal Threat Feed - SurrealDB (\u003c 1.1.0)","version":"https://jsonfeed.org/version/1.1"}