<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>SurrealDB (&lt; 1.1.0) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/surrealdb--1.1.0/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Sat, 18 Jul 2026 14:21:36 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/surrealdb--1.1.0/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2024-58368: SurrealDB Denial-of-Service via Malformed HTTP Headers</title><link>https://feed.craftedsignal.io/briefs/2026-07-cve-2024-58368-surrealdb-dos/</link><pubDate>Sat, 18 Jul 2026 14:21:36 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-cve-2024-58368-surrealdb-dos/</guid><description>Unauthenticated attackers can exploit CVE-2024-58368 in SurrealDB versions prior to 1.1.0 by sending crafted HTTP REST API requests with malformed ID, DB, or NS headers, leading to an uncaught exception and server crash, resulting in denial of service.</description><content:encoded><![CDATA[<p>SurrealDB versions before 1.1.0 are vulnerable to a denial-of-service (DoS) attack identified as CVE-2024-58368, with a CVSS v3.1 base score of 7.5. Unauthenticated attackers can exploit this vulnerability by sending specially crafted HTTP REST API requests. The core issue lies in the improper parsing of the <code>ID</code>, <code>DB</code>, and <code>NS</code> headers when these headers contain specific special characters. This malformation triggers an uncaught exception within the SurrealDB server process, causing it to crash unexpectedly. This leads to the unavailability of the database service, impacting any applications or users relying on it. Organizations running affected SurrealDB instances should prioritize patching to mitigate this availability risk.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated attacker identifies a vulnerable SurrealDB instance (version prior to 1.1.0) exposed via its HTTP REST API.</li>
<li>The attacker crafts an HTTP POST or PUT request targeting any SurrealDB REST API endpoint (e.g., <code>/sql</code> or <code>/key</code>).</li>
<li>The crafted request includes one or more of the <code>ID</code>, <code>DB</code>, or <code>NS</code> HTTP headers with values containing specially chosen malformed or &quot;special&quot; characters.</li>
<li>The vulnerable SurrealDB server receives the malicious HTTP request.</li>
<li>During the processing and parsing of the HTTP headers, the server encounters the malformed characters in the <code>ID</code>, <code>DB</code>, or <code>NS</code> fields.</li>
<li>The improper parsing logic within SurrealDB fails to handle these characters gracefully, leading to an uncaught exception.</li>
<li>This uncaught exception causes the SurrealDB server process to terminate unexpectedly, resulting in a crash.</li>
<li>The SurrealDB service becomes unavailable, effectively causing a denial-of-service condition for all legitimate users and applications.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2024-58368 leads directly to a denial-of-service (DoS) condition for the affected SurrealDB instance. This means that the database server will crash and become unresponsive, rendering any applications or services dependent on it inoperable. While no data integrity or confidentiality issues are reported with this specific vulnerability, the sustained unavailability of a critical database service can lead to significant operational disruptions, financial losses, and reputational damage. The impact affects all users and processes attempting to interact with the compromised SurrealDB instance.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch SurrealDB instances to version 1.1.0 or newer immediately to mitigate CVE-2024-58368.</li>
<li>Implement robust monitoring of web server access logs and SurrealDB application logs for signs of unexpected server crashes or restarts.</li>
<li>Configure web application firewalls (WAFs) or API gateways to inspect incoming HTTP requests for anomalous character patterns or malformed values within custom HTTP headers like <code>ID</code>, <code>DB</code>, and <code>NS</code> targeting SurrealDB.</li>
</ul>
]]></content:encoded><category domain="severity">low</category><category domain="type">advisory</category><category>denial-of-service</category><category>web-vulnerability</category><category>database</category><category>http-api</category><category>cve</category></item></channel></rss>