An issue in ast.Parser in Open Policy Agent causes the application to incorrectly interpret expressions, allowing a Denial of Service (DoS) via triggering out-of-range memory access.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2022-0587" }
{ "imports": [ { "path": "github.com/open-policy-agent/opa/ast", "symbols": [ "CompileModules", "CompileModulesWithOpt", "MustCompileModules", "MustCompileModulesWithOpts", "MustParseBody", "MustParseBodyWithOpts", "MustParseExpr", "MustParseImports", "MustParseModule", "MustParseModuleWithOpts", "MustParsePackage", "MustParseRef", "MustParseRule", "MustParseStatement", "MustParseStatements", "MustParseTerm", "ParseBody", "ParseBodyWithOpts", "ParseExpr", "ParseImports", "ParseModule", "ParseModuleWithOpts", "ParsePackage", "ParseRef", "ParseRule", "ParseStatement", "ParseStatements", "ParseStatementsWithOpts", "ParseTerm", "Parser.Parse", "Parser.parseEvery", "Parser.parseSome", "metadataParser.Parse" ] } ] }