Name of the Vulnerable Software and Affected Versions SurrealDB versions prior to 2.1.0

Description The issue arises when using an ORDER BY clause with the rand() function for sorting table records, which can cause a panic due to a comparison function that does not implement total order. This can lead to a denial of service if a client authorized to run queries in a SurrealDB server exploits this weakness. The estimated number of potentially affected devices is not specified.

Recommendations For SurrealDB versions prior to 2.1.0, update to version 2.1.0 or later to resolve the issue. As a temporary workaround, consider limiting the ability of untrusted clients to run arbitrary SurrealQL queries. Additionally, ensure that the SurrealDB process is configured to automatically restart after a crash to minimize the impact of the denial of service.