blob: 7a38bcbe2b1ae87fe728cb8f9ac8043177b8e600 [file] [log] [blame]
id: GO-2022-0587
modules:
- module: github.com/open-policy-agent/opa
versions:
- fixed: 0.40.0
vulnerable_at: 0.39.0
packages:
- package: github.com/open-policy-agent/opa/ast
symbols:
- Parser.parseSome
- Parser.parseEvery
derived_symbols:
- CompileModules
- CompileModulesWithOpt
- MustCompileModules
- MustCompileModulesWithOpts
- MustParseBody
- MustParseBodyWithOpts
- MustParseExpr
- MustParseImports
- MustParseModule
- MustParseModuleWithOpts
- MustParsePackage
- MustParseRef
- MustParseRule
- MustParseStatement
- MustParseStatements
- MustParseTerm
- ParseBody
- ParseBodyWithOpts
- ParseExpr
- ParseImports
- ParseModule
- ParseModuleWithOpts
- ParsePackage
- ParseRef
- ParseRule
- ParseStatement
- ParseStatements
- ParseStatementsWithOpts
- ParseTerm
- Parser.Parse
- metadataParser.Parse
summary: Out of bounds memory access in github.com/open-policy-agent/opa
description: |-
An issue in ast.Parser in Open Policy Agent causes the application to
incorrectly interpret expressions, allowing a Denial of Service (DoS) via
triggering out-of-range memory access.
published: 2022-05-20T00:00:26Z
cves:
- CVE-2022-28946
ghsas:
- GHSA-x7f3-62pm-9p38
credits:
- Norbert Szetei of Doyensec
references:
- fix: https://github.com/open-policy-agent/opa/pull/4548
- fix: https://github.com/open-policy-agent/opa/commit/e9d3828db670cbe11129885f37f08cbf04935264
review_status: REVIEWED