| id: GO-2022-0574 |
| modules: |
| - module: github.com/open-policy-agent/opa |
| versions: |
| - fixed: 0.42.0 |
| vulnerable_at: 0.41.0 |
| packages: |
| - package: github.com/open-policy-agent/opa/ast |
| symbols: |
| - rewriteDeclaredVarsInTerm |
| derived_symbols: |
| - Args.Copy |
| - Args.Vars |
| - Array.Copy |
| - Array.Foreach |
| - Array.Iter |
| - Array.Until |
| - ArrayComprehension.Copy |
| - BeforeAfterVisitor.Walk |
| - Body.Copy |
| - Body.Vars |
| - Call.Copy |
| - CompileModules |
| - CompileModulesWithOpt |
| - Compiler.Compile |
| - Compiler.GetRulesDynamic |
| - Compiler.GetRulesDynamicWithOpts |
| - Compiler.PassesTypeCheck |
| - ContainsClosures |
| - ContainsComprehensions |
| - ContainsRefs |
| - Copy |
| - Every.Copy |
| - Every.KeyValueVars |
| - Expr.Copy |
| - Expr.CopyWithoutTerms |
| - Expr.Vars |
| - GenericTransformer.Transform |
| - GenericVisitor.Walk |
| - Head.Copy |
| - Head.Vars |
| - Import.Copy |
| - IsConstant |
| - JSON |
| - JSONWithOpt |
| - Module.Copy |
| - Module.UnmarshalJSON |
| - MustCompileModules |
| - MustCompileModulesWithOpts |
| - MustJSON |
| - MustParseBody |
| - MustParseBodyWithOpts |
| - MustParseExpr |
| - MustParseImports |
| - MustParseModule |
| - MustParseModuleWithOpts |
| - MustParsePackage |
| - MustParseRef |
| - MustParseRule |
| - MustParseStatement |
| - MustParseStatements |
| - MustParseTerm |
| - NewGraph |
| - ObjectComprehension.Copy |
| - OutputVarsFromBody |
| - OutputVarsFromExpr |
| - Package.Copy |
| - ParseBody |
| - ParseBodyWithOpts |
| - ParseExpr |
| - ParseImports |
| - ParseModule |
| - ParseModuleWithOpts |
| - ParsePackage |
| - ParseRef |
| - ParseRule |
| - ParseStatement |
| - ParseStatements |
| - ParseStatementsWithOpts |
| - ParseTerm |
| - Parser.Parse |
| - Pretty |
| - QueryContext.Copy |
| - Ref.ConstantPrefix |
| - Ref.Copy |
| - Ref.Dynamic |
| - Ref.Extend |
| - Ref.OutputVars |
| - Rule.Copy |
| - SetComprehension.Copy |
| - SomeDecl.Copy |
| - Term.Copy |
| - Term.Vars |
| - Transform |
| - TransformComprehensions |
| - TransformRefs |
| - TransformVars |
| - TreeNode.DepthFirst |
| - TypeEnv.Get |
| - Unify |
| - ValueMap.Copy |
| - ValueMap.Equal |
| - ValueMap.Hash |
| - ValueMap.Iter |
| - ValueMap.MarshalJSON |
| - ValueMap.String |
| - ValueToInterface |
| - VarVisitor.Walk |
| - Walk |
| - WalkBeforeAndAfter |
| - WalkBodies |
| - WalkClosures |
| - WalkExprs |
| - WalkNodes |
| - WalkRefs |
| - WalkRules |
| - WalkTerms |
| - WalkVars |
| - WalkWiths |
| - With.Copy |
| - baseDocEqIndex.AllRules |
| - baseDocEqIndex.Build |
| - baseDocEqIndex.Lookup |
| - bodySafetyTransformer.Visit |
| - comprehensionIndexNestedCandidateVisitor.Walk |
| - comprehensionIndexRegressionCheckVisitor.Walk |
| - metadataParser.Parse |
| - object.Copy |
| - object.Diff |
| - object.Filter |
| - object.Foreach |
| - object.Intersect |
| - object.Iter |
| - object.Map |
| - object.Merge |
| - object.MergeWith |
| - object.Until |
| - queryCompiler.Compile |
| - refChecker.Visit |
| - refindices.Sorted |
| - refindices.Update |
| - rewriteNestedHeadVarLocalTransform.Visit |
| - ruleArgLocalRewriter.Visit |
| - ruleWalker.Do |
| - set.Copy |
| - set.Diff |
| - set.Foreach |
| - set.Intersect |
| - set.Iter |
| - set.Map |
| - set.Reduce |
| - set.Union |
| - set.Until |
| - trieNode.Do |
| - trieNode.Traverse |
| - trieTraversalResult.Add |
| - typeChecker.CheckBody |
| - typeChecker.CheckTypes |
| summary: Denial of service in github.com/open-policy-agent/opa |
| description: |- |
| An issue in the AST parser of Open Policy Agent makes it possible for attackers |
| to cause a Denial of Service attack from a crafted input. |
| published: 2022-07-01T00:01:03Z |
| cves: |
| - CVE-2022-33082 |
| ghsas: |
| - GHSA-2m4x-4q9j-w97g |
| references: |
| - fix: https://github.com/open-policy-agent/opa/pull/4701 |
| - fix: https://github.com/open-policy-agent/opa/commit/064f6168a8dfebdeb2ea147f7882bb9f5d2b7f67 |
| - web: https://github.com/open-policy-agent/opa/issues/4762 |
| review_status: REVIEWED |