Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 1.2.0

Description: The issue occurs when a query containing a call to a nonexistent built-in SurrealDB function is executed, potentially causing a denial of service by crashing the server. This can happen when the SurrealDB client version is newer than the server version, or when a pre-parsed query is provided via a newer version of the SurrealDB SDK. An authorized client can craft and execute a pre-parsed query invoking a nonexistent function, leading to a server crash.

Recommendations: For versions prior to 1.2.0, consider limiting the ability of untrusted users to run arbitrary SurrealQL queries to minimize the risk of exploitation. Additionally, ensure that the SurrealDB process is configured to automatically restart after a crash to limit the impact of the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability, but updating to version 1.2.0 or later will resolve the issue.