{
  "id": "GO-2022-0574",
  "published": "2022-07-01T00:01:03Z",
  "modified": "0001-01-01T00:00:00Z",
  "aliases": [
    "CVE-2022-33082",
    "GHSA-2m4x-4q9j-w97g"
  ],
  "details": "An issue in the AST parser of Open Policy Agent allows an attacker to cause a denial of service by supplying crafted input.",
  "affected": [
    {
      "package": {
        "name": "github.com/open-policy-agent/opa",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.42.0"
            }
          ]
        }
      ],
      "database_specific": {
        "url": "https://pkg.go.dev/vuln/GO-2022-0574"
      },
      "ecosystem_specific": {
        "imports": [
          {
            "path": "github.com/open-policy-agent/opa/ast",
            "symbols": [
              "Args.Copy",
              "Args.Vars",
              "Array.Copy",
              "Array.Foreach",
              "Array.Iter",
              "Array.Until",
              "ArrayComprehension.Copy",
              "BeforeAfterVisitor.Walk",
              "Body.Copy",
              "Body.Vars",
              "Call.Copy",
              "CompileModules",
              "CompileModulesWithOpt",
              "Compiler.Compile",
              "Compiler.GetRulesDynamic",
              "Compiler.GetRulesDynamicWithOpts",
              "Compiler.PassesTypeCheck",
              "ContainsClosures",
              "ContainsComprehensions",
              "ContainsRefs",
              "Copy",
              "Every.Copy",
              "Every.KeyValueVars",
              "Expr.Copy",
              "Expr.CopyWithoutTerms",
              "Expr.Vars",
              "GenericTransformer.Transform",
              "GenericVisitor.Walk",
              "Head.Copy",
              "Head.Vars",
              "Import.Copy",
              "IsConstant",
              "JSON",
              "JSONWithOpt",
              "Module.Copy",
              "Module.UnmarshalJSON",
              "MustCompileModules",
              "MustCompileModulesWithOpts",
              "MustJSON",
              "MustParseBody",
              "MustParseBodyWithOpts",
              "MustParseExpr",
              "MustParseImports",
              "MustParseModule",
              "MustParseModuleWithOpts",
              "MustParsePackage",
              "MustParseRef",
              "MustParseRule",
              "MustParseStatement",
              "MustParseStatements",
              "MustParseTerm",
              "NewGraph",
              "ObjectComprehension.Copy",
              "OutputVarsFromBody",
              "OutputVarsFromExpr",
              "Package.Copy",
              "ParseBody",
              "ParseBodyWithOpts",
              "ParseExpr",
              "ParseImports",
              "ParseModule",
              "ParseModuleWithOpts",
              "ParsePackage",
              "ParseRef",
              "ParseRule",
              "ParseStatement",
              "ParseStatements",
              "ParseStatementsWithOpts",
              "ParseTerm",
              "Parser.Parse",
              "Pretty",
              "QueryContext.Copy",
              "Ref.ConstantPrefix",
              "Ref.Copy",
              "Ref.Dynamic",
              "Ref.Extend",
              "Ref.OutputVars",
              "Rule.Copy",
              "SetComprehension.Copy",
              "SomeDecl.Copy",
              "Term.Copy",
              "Term.Vars",
              "Transform",
              "TransformComprehensions",
              "TransformRefs",
              "TransformVars",
              "TreeNode.DepthFirst",
              "TypeEnv.Get",
              "Unify",
              "ValueMap.Copy",
              "ValueMap.Equal",
              "ValueMap.Hash",
              "ValueMap.Iter",
              "ValueMap.MarshalJSON",
              "ValueMap.String",
              "ValueToInterface",
              "VarVisitor.Walk",
              "Walk",
              "WalkBeforeAndAfter",
              "WalkBodies",
              "WalkClosures",
              "WalkExprs",
              "WalkNodes",
              "WalkRefs",
              "WalkRules",
              "WalkTerms",
              "WalkVars",
              "WalkWiths",
              "With.Copy",
              "baseDocEqIndex.AllRules",
              "baseDocEqIndex.Build",
              "baseDocEqIndex.Lookup",
              "bodySafetyTransformer.Visit",
              "comprehensionIndexNestedCandidateVisitor.Walk",
              "comprehensionIndexRegressionCheckVisitor.Walk",
              "metadataParser.Parse",
              "object.Copy",
              "object.Diff",
              "object.Filter",
              "object.Foreach",
              "object.Intersect",
              "object.Iter",
              "object.Map",
              "object.Merge",
              "object.MergeWith",
              "object.Until",
              "queryCompiler.Compile",
              "refChecker.Visit",
              "refindices.Sorted",
              "refindices.Update",
              "rewriteDeclaredVarsInTerm",
              "rewriteNestedHeadVarLocalTransform.Visit",
              "ruleArgLocalRewriter.Visit",
              "ruleWalker.Do",
              "set.Copy",
              "set.Diff",
              "set.Foreach",
              "set.Intersect",
              "set.Iter",
              "set.Map",
              "set.Reduce",
              "set.Union",
              "set.Until",
              "trieNode.Do",
              "trieNode.Traverse",
              "trieTraversalResult.Add",
              "typeChecker.CheckBody",
              "typeChecker.CheckTypes"
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/open-policy-agent/opa/pull/4701"
    },
    {
      "type": "FIX",
      "url": "https://github.com/open-policy-agent/opa/commit/064f6168a8dfebdeb2ea147f7882bb9f5d2b7f67"
    },
    {
      "type": "WEB",
      "url": "https://github.com/open-policy-agent/opa/issues/4762"
    }
  ],
  "schema_version": "1.3.1"
}