GO-2022-0587
- Source
- https://pkg.go.dev/vuln/GO-2022-0587
- Import Source
- https://vuln.go.dev/ID/GO-2022-0587.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GO-2022-0587
- Aliases
- Published
- 2022-05-20T00:00:26Z
- Modified
- 2024-09-11T06:12:57.071954Z
- Summary
- Out of bounds memory access in github.com/open-policy-agent/opa
- Details
-
An issue in ast.Parser in Open Policy Agent causes the application to incorrectly interpret expressions, allowing a Denial of Service (DoS) via triggering out-of-range memory access.
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2022-0587", "review_status": "REVIEWED" }- References
- Credits
-
-
- Norbert Szetei of Doyensec
-
Affected packages
Go / github.com/open-policy-agent/opa
Package
- Name
- github.com/open-policy-agent/opa
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/open-policy-agent/opa
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.40.0
Ecosystem specific
{
"imports": [
{
"symbols": [
"CompileModules",
"CompileModulesWithOpt",
"MustCompileModules",
"MustCompileModulesWithOpts",
"MustParseBody",
"MustParseBodyWithOpts",
"MustParseExpr",
"MustParseImports",
"MustParseModule",
"MustParseModuleWithOpts",
"MustParsePackage",
"MustParseRef",
"MustParseRule",
"MustParseStatement",
"MustParseStatements",
"MustParseTerm",
"ParseBody",
"ParseBodyWithOpts",
"ParseExpr",
"ParseImports",
"ParseModule",
"ParseModuleWithOpts",
"ParsePackage",
"ParseRef",
"ParseRule",
"ParseStatement",
"ParseStatements",
"ParseStatementsWithOpts",
"ParseTerm",
"Parser.Parse",
"Parser.parseEvery",
"Parser.parseSome",
"metadataParser.Parse"
],
"path": "github.com/open-policy-agent/opa/ast"
}
]
}