6.5

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-8xff-473h-f863

EPSS Score

CWE

CWE-248

Published

2/21/2024

Updated

2/21/2024

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-8xff-473h-f863

GHSA-8xff-473h-f863: Uncaught Exception Handling Parsing Errors on Line Terminators

The span rendering would panic when handling failed parsing of queries where the error occurred on a line terminator character.

Impact

A client that is authorized to run queries in a SurrealDB server is able to execute a malformed query which will fail to parse on a line terminator character and cause a panic in the span rendering code. This will crash the server, leading to denial of service.

Patches

Version 1.2.1 and later are not affected by this issue.

Workarounds

Concerned users unable to update may want to limit the ability of untrusted users to run arbitrary SurrealQL queries in the affected versions of SurrealDB. To limit the impact of the denial of service, SurrealDB administrators may also want to ensure that the SurrealDB process is running so that it can be automatically re-started after a crash.

References

#3527
https://github.com/StarlaneStudios/Surrealist/issues/177

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-8xff-473h-f863

EPSS Score

CWE

CWE-248

Published

2/21/2024

Updated

2/21/2024

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
surrealdb	rust	<= 1.2.0	1.2.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from panics during error span rendering when parsing fails on line terminators. In Rust, such panics typically occur from unwrapped Result/Option or invalid string slicing. The error span rendering function would be responsible for generating diagnostic messages with source code locations, making it susceptible to out-of-bounds access when the error position coincides with a line terminator. The function name and location are inferred from standard Rust crate structure and the nature of the vulnerability, though exact code confirmation is unavailable.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** sp*n r*n**rin* woul* p*ni* w**n **n*lin* **il** p*rsin* o* qu*ri*s w**r* t** *rror o**urr** on * lin* t*rmin*tor ***r**t*r. ### Imp**t * *li*nt t**t is *ut*oriz** to run qu*ri*s in * Surr**l** s*rv*r is **l* to *x**ut* * m*l*orm** qu*ry w*i** w

Reasoning

T** vuln*r**ility st*ms *rom p*ni*s *urin* *rror sp*n r*n**rin* w**n p*rsin* **ils on lin* t*rmin*tors. In Rust, su** p*ni*s typi**lly o**ur *rom unwr*pp** `R*sult`/`Option` or inv*li* strin* sli*in*. T** *rror sp*n r*n**rin* `*un*tion` woul* ** r*sp

6.5

Basic Information

Concerned about an active attack path?

GHSA-8xff-473h-f863: Uncaught Exception Handling Parsing Errors on Line Terminators

Impact

Patches

Workarounds

References

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI