High severityNVD Advisory· Published May 19, 2022· Updated Aug 3, 2024
CVE-2022-28946
CVE-2022-28946
Description
An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/open-policy-agent/opaGo | < 0.40.0 | 0.40.0 |
Affected products
10- Open Policy Agent/Open Policy Agentdescription
- osv-coords9 versionspkg:apk/chainguard/opapkg:apk/wolfi/opapkg:golang/github.com/open-policy-agent/opapkg:rpm/opensuse/starboard&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/trivy&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/trivy&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/trivy&distro=openSUSE%20Tumbleweedpkg:rpm/suse/trivy&distro=SUSE%20Package%20Hub%2015%20SP3pkg:rpm/suse/trivy&distro=SUSE%20Package%20Hub%2015%20SP4
< 0.64.1-r1+ 8 more
- (no CPE)range: < 0.64.1-r1
- (no CPE)range: < 0.64.1-r1
- (no CPE)range: < 0.40.0
- (no CPE)range: < 0.15.6-1.1
- (no CPE)range: < 0.30.4-bp153.8.1
- (no CPE)range: < 0.28.0-bp154.2.3.1
- (no CPE)range: < 0.28.0-1.1
- (no CPE)range: < 0.30.4-bp153.8.1
- (no CPE)range: < 0.28.0-bp154.2.3.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-x7f3-62pm-9p38ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-28946ghsaADVISORY
- github.com/open-policy-agent/opa/commit/e9d3828db670cbe11129885f37f08cbf04935264ghsax_refsource_MISCWEB
- github.com/open-policy-agent/opa/pull/4548ghsaWEB
- pkg.go.dev/vuln/GO-2022-0587ghsaWEB
News mentions
0No linked articles in our index yet.