GHSA-q3gg-m8hr-h4x4: 
Rust vulnerability analysis and mitigation

A high-severity format string vulnerability (GHSA-q3gg-m8hr-h4x4) was discovered in SurrealDB's scripting functions, affecting versions prior to 1.1.1. The vulnerability exists in the rquickjs crate used by SurrealDB for QuickJS C library bindings, where the Exception::throw_type function directly feeds strings into printf without proper formatting, leading to undefined behavior when scripting functions return errors containing format strings like %s or %d. This vulnerability only affects SurrealDB servers with explicitly enabled scripting capabilities (GitHub Advisory).

The vulnerability stems from the rquickjs crate's implementation where error strings are directly passed to printf without proper handling. The issue has a CVSS v3.1 score of 8.6 (High), with the following characteristics: Network attack vector, High attack complexity, Low privileges required, No user interaction needed, Changed scope, and High impact on confidentiality, integrity, and availability. The vulnerability is specifically triggered when a SurrealDB scripting function returns an error containing format string specifiers (GitHub Advisory).

An attacker with privileges to execute scripting functions can potentially exploit this vulnerability to read arbitrary memory from the remote SurrealDB process. The vulnerability could also be leveraged to execute arbitrary code with the privileges of the SurrealDB process. However, the exploitation complexity is somewhat increased due to error messages being limited to 256 bytes and the presence of Rust executable exploit mitigation features (GitHub Advisory).

The vulnerability has been patched in SurrealDB version 1.1.1 and later. For users unable to update, the recommended workaround is to restrict access from untrusted users to define and execute scripting functions. This can be achieved by removing the scripting capability using --deny-scripting flag or setting SURREAL_CAPS_DENY_SCRIPT=true environment variable. If this is not possible, network access should be limited to trusted users only (GitHub Advisory).