CVE-2022-28946 — Vulnetix

CVE-2022-28946 PUBLISHED CVSS 5 MEDIUM

An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.

EPSS 0.43% · 62.5th percentile

Risk Scores

CVSS v2.0

EPSS Score

0.43%

62.5th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
github.com	open-policy-agent/opa	0
Cloudflare	access
openpolicyagent	open_policy_agent	0.39.0

Timeline

May 19, 2022 CVE Published
May 20, 2022 EPSS Score
Jul 7, 2022 EPSS Score
Aug 26, 2022 EPSS Score
Oct 13, 2022 EPSS Score
Dec 1, 2022 EPSS Score
Jan 18, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 25, 2023 EPSS Score
Jun 12, 2023 EPSS Score
Jul 30, 2023 EPSS Score
Sep 17, 2023 EPSS Score

References

https://github.com/open-policy-agent/opa/commit/e9d3828db670cbe11129885f37f08cbf04935264 url
https://nvd.nist.gov/vuln/detail/CVE-2022-28946 advisory
https://github.com/open-policy-agent/opa/pull/4548 url
https://github.com/open-policy-agent/opa package
https://pkg.go.dev/vuln/GO-2022-0587 url

Open in Interactive Console →