GO-2022-0587

Source
https://pkg.go.dev/vuln/GO-2022-0587
Import Source
https://vuln.go.dev/ID/GO-2022-0587.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2022-0587
Aliases
Published
2022-05-20T00:00:26Z
Modified
2024-09-11T06:12:57.071954Z
Summary
Out of bounds memory access in github.com/open-policy-agent/opa
Details

An issue in ast.Parser in Open Policy Agent causes the application to incorrectly interpret expressions, allowing a Denial of Service (DoS) via triggering out-of-range memory access.

References
Credits
    • Norbert Szetei of Doyensec

Affected packages

Go / github.com/open-policy-agent/opa

Package

Name
github.com/open-policy-agent/opa
View open source insights on deps.dev
Purl
pkg:golang/github.com/open-policy-agent/opa

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.40.0

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/open-policy-agent/opa/ast",
            "symbols": [
                "CompileModules",
                "CompileModulesWithOpt",
                "MustCompileModules",
                "MustCompileModulesWithOpts",
                "MustParseBody",
                "MustParseBodyWithOpts",
                "MustParseExpr",
                "MustParseImports",
                "MustParseModule",
                "MustParseModuleWithOpts",
                "MustParsePackage",
                "MustParseRef",
                "MustParseRule",
                "MustParseStatement",
                "MustParseStatements",
                "MustParseTerm",
                "ParseBody",
                "ParseBodyWithOpts",
                "ParseExpr",
                "ParseImports",
                "ParseModule",
                "ParseModuleWithOpts",
                "ParsePackage",
                "ParseRef",
                "ParseRule",
                "ParseStatement",
                "ParseStatements",
                "ParseStatementsWithOpts",
                "ParseTerm",
                "Parser.Parse",
                "Parser.parseEvery",
                "Parser.parseSome",
                "metadataParser.Parse"
            ]
        }
    ]
}