PT-2024-40357 · Surrealdb · Surrealdb

Published: 2024-01-18 · Updated: 2024-01-18

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 1.1.0

Description: The issue affects the SurrealDB HTTP REST API, where the ID, DB, and NS headers fail to parse when containing special characters, causing a panic that crashes the SurrealDB server, leading to denial of service. An unauthenticated client can exploit this by issuing an HTTP request with affected headers containing special characters. This issue only affects the SurrealDB binary, not the SurrealDB library.

Recommendations: For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider limiting untrusted access to the SurrealDB HTTP REST API unless required by the application. Additionally, ensure the SurrealDB process is configured to automatically restart after a crash to minimize the impact of the denial of service.
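The defect class behind this advisory is a request-header parser that treats malformed input as impossible and panics, taking the whole server process down instead of rejecting the one request. The Rust example below is added here as an illustration and is not SurrealDB's code: the function names (parse_ns_panicking, parse_ns_header, status_for), the allowed character set, and the error type are assumptions chosen for the demonstration. It places the crash-on-bad-input pattern beside a hardened version that returns an error the HTTP layer can map to a 400 response.

```rust
// Added example, not SurrealDB's code. Names and the allowed character set
// are assumptions made for illustration.

/// Reasons a namespace (NS) header value can be rejected.
#[derive(Debug, PartialEq)]
pub enum HeaderError {
    Empty,
    NotUtf8,
    ForbiddenChar(char),
}

/// Characters this example permits in an NS header value (an assumption).
fn allowed(c: char) -> bool {
    c.is_ascii_alphanumeric() || c == '_'
}

/// Crash-prone pattern: a parse failure is treated as unreachable and
/// unwrapped/asserted, so one malformed request panics the server thread.
pub fn parse_ns_panicking(raw: &[u8]) -> String {
    let s = std::str::from_utf8(raw).expect("NS header must be UTF-8");
    assert!(s.chars().all(allowed), "NS header contains special characters");
    s.to_string()
}

/// Hardened version: every failure mode becomes a value the caller handles,
/// so a bad header is a client error rather than a process crash.
pub fn parse_ns_header(raw: &[u8]) -> Result<String, HeaderError> {
    if raw.is_empty() {
        return Err(HeaderError::Empty);
    }
    let s = std::str::from_utf8(raw).map_err(|_| HeaderError::NotUtf8)?;
    if let Some(c) = s.chars().find(|c| !allowed(*c)) {
        return Err(HeaderError::ForbiddenChar(c));
    }
    Ok(s.to_string())
}

/// Map the parse outcome to an HTTP status: malformed input is 400, not a crash.
pub fn status_for(result: &Result<String, HeaderError>) -> u16 {
    match result {
        Ok(_) => 200,
        Err(_) => 400,
    }
}

fn main() {
    // Constructed sample header values: one valid, one with special
    // characters, one that is not valid UTF-8 at all.
    let inputs: [&[u8]; 3] = [b"app_ns", b"bad header;", &[0xff, 0xfe]];
    for raw in inputs {
        let result = parse_ns_header(raw);
        println!(
            "{:?} -> HTTP {} ({:?})",
            String::from_utf8_lossy(raw),
            status_for(&result),
            result
        );
    }

    // Show that the unwrap-style parser would have panicked on the same input.
    let crashed = std::panic::catch_unwind(|| parse_ns_panicking(b"bad header;")).is_err();
    println!("panicking parser crashed on special characters: {crashed}");
}
```

In a real server the panic would normally be confined to one request handler only if the framework installs a catch_unwind boundary; where it does not, or where the panic occurs outside such a boundary, the process exits, which is why the advisory also recommends an automatic restart as a mitigation.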

Fix


Related Identifiers

GHSA-M24X-R6Q3-2VP9

Affected Products

Surrealdb