GHSA-JV2J-MQMW-XVV5
Vulnerability from github – Published: 2026-06-19 22:10 – Updated: 2026-06-19 22:10An authenticated user could crash a SurrealDB server with a single query containing a long chain of operators.
Such a query — for example RETURN 1 + 1 + 1 + ... with tens of thousands of terms — is parsed into an expression tree one level deep per operator. Because the chain is flat and the pratt parser appends to it iteratively, the configured query- and object-recursion limits never fire, so the tree grows unbounded with the length of the query.
The root cause: the over-deep tree is later walked recursively, one call per node, when it is dropped, formatted, or lowered for execution — overflowing the thread stack and aborting the process.
Impact
An authenticated user with query-execution privileges can crash a SurrealDB server with a single query containing a long chain of operators. The whole process aborts, denying service to every namespace and database on that instance until it is restarted. The crash occurs during query processing, before any data is read or written (availability only).
Patches
A patch introduces a dedicated expression-depth budget — expr_recursion_limit, sourced from max_expression_parsing_depth (default 128, configurable via SURREAL_MAX_EXPRESSION_PARSING_DEPTH). It is charged once per pratt-parser level and once per operator appended to the spine, so an over-deep operator chain is rejected with a syntax error instead of building a tree that overflows the stack downstream. Paths that re-parse already-validated stored data are exempted, so existing databases with deep stored expressions still load.
- Versions 3.1.5 and later are not affected by this issue.
Workarounds
Users unable to patch should consider the following workarounds:
- Restrict the ability of untrusted users to execute arbitrary queries via the
--deny-arbitrary-querycapability flag for the affected user classes (guest, record, or system). - Restrict untrusted access to the WebSocket
/rpcendpoint, which accepts larger request bodies than the HTTP/sqlendpoint. The/sqlendpoint's 1 MiB body limit lowers the achievable operator depth but does not by itself guarantee the stack cannot be exhausted. - Run SurrealDB under an orchestrator or process manager that restarts it automatically on exit (e.g. Kubernetes, systemd
Restart=on-failure, or a Docker restart policy), so the server recovers immediately after a crash. This limits downtime from a successful attack but does not prevent the crash.
References
- SurrealQL Documentation — Operators
fix(syn): bound expression operator-tree depth to prevent stack-overflow DoS
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "surrealdb"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T22:10:55Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "An authenticated user could crash a SurrealDB server with a single query containing a long chain of operators.\n\nSuch a query \u2014 for example `RETURN 1 + 1 + 1 + ...` with tens of thousands of terms \u2014 is parsed into an expression tree one level deep per operator. Because the chain is flat and the pratt parser appends to it iteratively, the configured query- and object-recursion limits never fire, so the tree grows unbounded with the length of the query.\n\nThe root cause: the over-deep tree is later walked recursively, one call per node, when it is dropped, formatted, or lowered for execution \u2014 overflowing the thread stack and aborting the process.\n\n### Impact\n\nAn authenticated user with query-execution privileges can crash a SurrealDB server with a single query containing a long chain of operators. The whole process aborts, denying service to every namespace and database on that instance until it is restarted. The crash occurs during query processing, before any data is read or written (availability only).\n\n### Patches\n\nA patch introduces a dedicated expression-depth budget \u2014 `expr_recursion_limit`, sourced from `max_expression_parsing_depth` (default 128, configurable via `SURREAL_MAX_EXPRESSION_PARSING_DEPTH`). It is charged once per pratt-parser level and once per operator appended to the spine, so an over-deep operator chain is rejected with a syntax error instead of building a tree that overflows the stack downstream. Paths that re-parse already-validated stored data are exempted, so existing databases with deep stored expressions still load.\n\n- Versions 3.1.5 and later are not affected by this issue.\n\n### Workarounds\n\nUsers unable to patch should consider the following workarounds:\n\n- Restrict the ability of untrusted users to execute arbitrary queries via the `--deny-arbitrary-query` capability flag for the affected user classes (guest, record, or system).\n- Restrict untrusted access to the WebSocket `/rpc` endpoint, which accepts larger request bodies than the HTTP `/sql` endpoint. The `/sql` endpoint\u0027s 1 MiB body limit lowers the achievable operator depth but does not by itself guarantee the stack cannot be exhausted.\n- Run SurrealDB under an orchestrator or process manager that restarts it automatically on exit (e.g. Kubernetes, systemd `Restart=on-failure`, or a Docker restart policy), so the server recovers immediately after a crash. This limits downtime from a successful attack but does not prevent the crash.\n\n### References\n\n- [SurrealQL Documentation \u2014 Operators](https://surrealdb.com/docs/surrealql/operators)\n- `fix(syn): bound expression operator-tree depth to prevent stack-overflow DoS`",
"id": "GHSA-jv2j-mqmw-xvv5",
"modified": "2026-06-19T22:10:55Z",
"published": "2026-06-19T22:10:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/surrealdb/surrealdb/security/advisories/GHSA-jv2j-mqmw-xvv5"
},
{
"type": "PACKAGE",
"url": "https://github.com/surrealdb/surrealdb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "SurrealDB: Denial of Service via deep operator chains"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.