SurrealDB: Denial of Service via deep operator chains — GHSA-JV2J-MQMW-XVV5
GitHub · GitHub · GHSA-JV2J-MQMW-XVV5
ID
GHSA-JV2J-MQMW-XVV5
GHSA-JV2J-MQMW-XVV5
Date
Activity
Source
GitHub
GitHub
Vendor
GitHub
GitHub
Threat
medium
medium
CVSS
6.5
6.5
Summary
An authenticated user could crash a SurrealDB server with a single query containing a long chain of operators. Such a query — for example `RETURN 1 + 1 + 1 + ...` with tens of thousands of terms — is parsed into an expression tree one level deep per operator. Because the chain is flat and the pratt parser appends to it iteratively, the configured query- and object-recursion limits never fire, so the tree grows…
Product
rust: surrealdb
What to do
General, cautious steps (verify details in the official source):
- Review exposure and plan remediation based on risk and environment.
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.