Name of the Vulnerable Software and Affected Versions SurrealDB versions prior to 2.0.4

Description The issue occurs when the parser fails to handle the conversion of an empty string to a SurrealDB value, such as when casting to a record, duration, or datetime, or when parsing an empty string to JSON. This can cause a panic in the error rendering code, leading to a denial of service. An authorized client can execute a malformed query that fails to parse, causing the server to crash.

Recommendations For versions prior to 2.0.4, update to version 2.0.4 or later to resolve the issue. As a temporary workaround, consider limiting the ability of untrusted clients to run arbitrary SurrealQL queries. Additionally, ensure that the SurrealDB process is configured to automatically restart after a crash to minimize the impact of the denial of service.