{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/surrealdb--1.1.1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.5,"id":"CVE-2024-58366"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["SurrealDB \u003c 1.1.1"],"_cs_severities":["high"],"_cs_tags":["format-string","remote-code-execution","privilege-escalation","database"],"_cs_type":"advisory","_cs_vendors":["SurrealDB"],"content_html":"\u003cp\u003eCVE-2024-58366 is a high-severity format string vulnerability identified in SurrealDB versions prior to 1.1.1. The flaw resides in the \u003ccode\u003erquickjs Exception::throw_type\u003c/code\u003e function, specifically when scripting capabilities are enabled within the database. This vulnerability allows an attacker who has already obtained scripting privileges within a SurrealDB instance to inject carefully crafted format string sequences into error inputs. Successful exploitation of this vulnerability can lead to critical consequences, including the ability to read arbitrary memory locations within the SurrealDB process's address space or execute arbitrary code with the same privileges as the SurrealDB process itself. This presents a significant risk for data exfiltration, system compromise, or further lateral movement within an affected environment.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains legitimate scripting privileges within a SurrealDB instance (initial access vector not specified in the vulnerability details).\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a function or context where error messages are generated and processed by the vulnerable \u003ccode\u003erquickjs Exception::throw_type\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts malicious input containing format string specifiers (e.g., \u003ccode\u003e%x\u003c/code\u003e, \u003ccode\u003e%n\u003c/code\u003e, \u003ccode\u003e%s\u003c/code\u003e) to be injected into an operation that will trigger an error.\u003c/li\u003e\n\u003cli\u003eThe SurrealDB instance attempts to process the error message, and the vulnerable function interprets the format string specifiers.\u003c/li\u003e\n\u003cli\u003eDepending on the injected format string, the attacker can either read arbitrary memory from the SurrealDB process's address space.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker can leverage specific format string techniques (e.g., \u003ccode\u003e%n\u003c/code\u003e) to write data to arbitrary memory locations, leading to arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eUpon successful code execution, the attacker operates with the privileges of the SurrealDB process, potentially leading to full system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2024-58366 grants an attacker the ability to read arbitrary memory or execute code with the privileges of the SurrealDB process. This can lead to severe data breaches, as sensitive information stored in memory (e.g., encryption keys, session tokens, user data) could be exfiltrated. Furthermore, arbitrary code execution allows the attacker to fully compromise the host system running SurrealDB, install backdoors, deploy additional malware, or establish persistence. While no specific victim counts or sectors are detailed, any organization utilizing vulnerable SurrealDB instances with scripting enabled is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2024-58366 immediately by upgrading SurrealDB to version 1.1.1 or later.\u003c/li\u003e\n\u003cli\u003eRestrict scripting privileges to trusted users and only enable scripting where absolutely necessary to reduce the attack surface.\u003c/li\u003e\n\u003cli\u003eMonitor application logs for SurrealDB for unusual error patterns, especially those containing format string specifiers, which could indicate exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-18T14:20:52Z","date_published":"2026-07-18T14:20:52Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2024-58366-surrealdb-format-string/","summary":"A high-severity format string vulnerability, CVE-2024-58366, exists in SurrealDB versions before 1.1.1 within the `rquickjs Exception::throw_type` function, allowing attackers with scripting privileges to achieve arbitrary memory reading or remote code execution with SurrealDB process privileges by injecting malicious format string sequences into error inputs.","title":"CVE-2024-58366 - SurrealDB Format String Vulnerability Leading to RCE","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2024-58366-surrealdb-format-string/"}],"language":"en","title":"CraftedSignal Threat Feed - SurrealDB \u003c 1.1.1","version":"https://jsonfeed.org/version/1.1"}