CVE-2022-28946

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-28946
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28946.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-28946
Aliases
Downstream
Related
Published
2022-05-19T19:15:07.737Z
Modified
2025-11-14T13:08:41.883464Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.

References

Affected packages

Git / github.com/open-policy-agent/opa

Affected ranges

Type
GIT
Repo
https://github.com/open-policy-agent/opa
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e9d3828db670cbe11129885f37f08cbf04935264

Affected versions

v0.*

v0.1.0
v0.1.0-rc1
v0.1.0-rc2
v0.1.0-rc3
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.15.1
v0.16.0
v0.17.0
v0.17.1
v0.17.2
v0.18.0
v0.19.0
v0.19.0-rc1
v0.19.1
v0.2.0
v0.2.1
v0.2.2
v0.20.0
v0.20.1
v0.20.2
v0.21.0
v0.22.0
v0.23.0
v0.24.0
v0.25.0
v0.25.0-rc1
v0.25.0-rc3
v0.25.0-rc4
v0.25.1
v0.25.2
v0.26.0
v0.27.0
v0.27.1
v0.28.0
v0.29.0
v0.29.1
v0.29.2
v0.29.3
v0.29.4
v0.3.0
v0.3.1
v0.30.0
v0.30.0-rc0
v0.30.1
v0.31.0
v0.32.0
v0.33.0
v0.34.0
v0.35.0
v0.36.0
v0.37.0
v0.38.0
v0.39.0
v0.4.0
v0.4.1
v0.4.10
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5.0
v0.5.1
v0.5.10
v0.5.11
v0.5.12
v0.5.13
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.7.1
v0.8.0
v0.8.1
v0.8.2
v0.9.0
v0.9.1
v0.9.2
v0.9.3-rc1
v0.9.3-rc2
v0.9.3-rc3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28946.json"