PT-2024-40343 · Surrealdb · Surrealdb

Published

2024-11-22

Updated

2024-11-22

CVSS v3.1

4.9 (Medium)

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SurrealDB versions prior to 2.1.0

Description

The issue arises from the conversion of Ident values to the Role enum, which expects only specific values (owner, editor, and viewer). If a nonexistent role is used, the conversion panics, resulting in a denial of service. A privileged user with the owner role can define a user with a nonexistent role, causing the server to crash when it attempts to perform certain IAM operations with that user.

Recommendations

For versions prior to 2.1.0, limit access to users with the owner role at any level to trusted parties only to minimize the risk of exploitation. Additionally, ensure that the SurrealDB process is configured to automatically restart after a crash to reduce the impact of the denial of service. Update to version 2.1.0 or later to resolve the issue.
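The following Rust example is added here to illustrate the class of defect the advisory describes: an infallible conversion from an identifier to a closed enum that panics on an unknown value, placed beside a fallible conversion that reports the bad value instead. It is not SurrealDB's code. The names `Ident` and `Role` and the three role values come from the advisory; the struct and enum definitions, the conversion functions, `define_user_role`, `authorize` and the sample inputs are assumed for illustration.

```rust
// Added illustration of the failure mode described in this advisory. It is not
// SurrealDB's code: `Ident` and `Role` are named in the advisory, but their
// definitions, the conversion functions and the sample inputs are assumed.
use std::convert::TryFrom;
use std::fmt;

/// Stand-in for an identifier taken from a user definition (assumed shape).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Ident(pub String);

/// The only roles the IAM layer accepts, per the advisory.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Role {
    Owner,
    Editor,
    Viewer,
}

/// Error carried back to the caller by the hardened conversion.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct InvalidRole(pub String);

impl fmt::Display for InvalidRole {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "invalid role `{}`: expected owner, editor or viewer", self.0)
    }
}

impl std::error::Error for InvalidRole {}

/// Weak pattern: an infallible conversion with no honest answer for an unknown
/// value, so it panics. If the value comes from stored data, one malformed
/// user definition can take the whole process down on a later IAM check.
pub fn role_from_ident_unchecked(id: &Ident) -> Role {
    match id.0.as_str() {
        "owner" => Role::Owner,
        "editor" => Role::Editor,
        "viewer" => Role::Viewer,
        other => panic!("unknown role {other}"),
    }
}

/// Hardened pattern: a fallible conversion that reports the bad value as an
/// error the request handler can return, instead of crashing the server.
impl TryFrom<&Ident> for Role {
    type Error = InvalidRole;

    fn try_from(id: &Ident) -> Result<Self, Self::Error> {
        match id.0.as_str() {
            "owner" => Ok(Role::Owner),
            "editor" => Ok(Role::Editor),
            "viewer" => Ok(Role::Viewer),
            _ => Err(InvalidRole(id.0.clone())),
        }
    }
}

/// Validate at definition time: an unknown role is rejected before it is ever
/// persisted, so later lookups never see one.
pub fn define_user_role(role: &Ident) -> Result<Role, InvalidRole> {
    Role::try_from(role)
}

/// Authorization check over a role string read back from storage. Even with
/// definition-time validation in place, the stored value is still converted
/// fallibly so that a bad record fails one request rather than the process.
pub fn authorize(stored_role: &Ident, needs_owner: bool) -> Result<bool, InvalidRole> {
    let role = Role::try_from(stored_role)?;
    Ok(!needs_owner || role == Role::Owner)
}

fn main() {
    // Constructed sample inputs: two valid roles and one that does not exist.
    let inputs = [
        Ident("owner".to_string()),
        Ident("viewer".to_string()),
        Ident("admin".to_string()),
    ];
    for id in &inputs {
        match define_user_role(id) {
            Ok(role) => println!("{} -> accepted as {:?}", id.0, role),
            Err(err) => println!("{} -> rejected: {}", id.0, err),
        }
    }
}
```

The design point is that the check belongs at the boundary where the role is defined, so an invalid value is never persisted, while the read-back path stays fallible as defence in depth: a record written by an older version or by other means then fails a single request with a reportable error rather than aborting the server.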

Fix

Weakness Enumeration

Related Identifiers

GHSA-JC55-246C-R88F

Affected Products

Surrealdb