5 matches found
CVE-2024-58359
SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY rand clause. Authorized clients can execute queries with ORDER BY rand to trigger a panic in the sorting function, crashing the server...
EUVD-2024-55676
SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY rand clause. Authorized clients can execute queries with ORDER BY rand to trigger a panic in the sorting function, crashing the server...
SurrealDB has an Uncaught Exception Sorting Tables by Random Order
Sorting table records using an ORDER BY clause with the rand function as sorting mechanism could cause a panic due to relying on a comparison function that did not implement total order. This event resulted in a panic due to a recent change in Rust 1.81. Impact A client that is authorized to run...
GHSA-M52V-24P8-654F SurrealDB has an Uncaught Exception Sorting Tables by Random Order
Sorting table records using an ORDER BY clause with the rand function as sorting mechanism could cause a panic due to relying on a comparison function that did not implement total order. This event resulted in a panic due to a recent change in Rust 1.81. Impact A client that is authorized to run...
PT-2024-40361 · Surrealdb · Surrealdb
Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 2.1.0 Description: The issue arises when using an ORDER BY clause with the rand function for sorting table records, which can cause a panic due to a comparison function that does not implement total order. This can...