{"id":"GO-2022-0574","summary":"Denial of service in github.com/open-policy-agent/opa","details":"An issue in the AST parser of Open Policy Agent makes it possible for attackers to cause a Denial of Service attack from a crafted input.","aliases":["CVE-2022-33082","GHSA-2m4x-4q9j-w97g"],"modified":"2026-02-04T02:29:50.893849Z","published":"2022-07-01T00:01:03Z","related":["CGA-gwh3-f537-q6ff"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0574","review_status":"REVIEWED"},"references":[{"type":"FIX","url":"https://github.com/open-policy-agent/opa/pull/4701"},{"type":"FIX","url":"https://github.com/open-policy-agent/opa/commit/064f6168a8dfebdeb2ea147f7882bb9f5d2b7f67"},{"type":"WEB","url":"https://github.com/open-policy-agent/opa/issues/4762"}],"affected":[{"package":{"name":"github.com/open-policy-agent/opa","ecosystem":"Go","purl":"pkg:golang/github.com/open-policy-agent/opa"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.42.0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/open-policy-agent/opa/ast","symbols":["Args.Copy","Args.Vars","Array.Copy","Array.Foreach","Array.Iter","Array.Until","ArrayComprehension.Copy","BeforeAfterVisitor.Walk","Body.Copy","Body.Vars","Call.Copy","CompileModules","CompileModulesWithOpt","Compiler.Compile","Compiler.GetRulesDynamic","Compiler.GetRulesDynamicWithOpts","Compiler.PassesTypeCheck","ContainsClosures","ContainsComprehensions","ContainsRefs","Copy","Every.Copy","Every.KeyValueVars","Expr.Copy","Expr.CopyWithoutTerms","Expr.Vars","GenericTransformer.Transform","GenericVisitor.Walk","Head.Copy","Head.Vars","Import.Copy","IsConstant","JSON","JSONWithOpt","Module.Copy","Module.UnmarshalJSON","MustCompileModules","MustCompileModulesWithOpts","MustJSON","MustParseBody","MustParseBodyWithOpts","MustParseExpr","MustParseImports","MustParseModule","MustParseModuleWithOpts","MustParsePackage","MustParseRef","MustParseRule","MustParseStatement","MustParseStatements","MustParseTerm","NewGraph","ObjectComprehension.Copy","OutputVarsFromBody","OutputVarsFromExpr","Package.Copy","ParseBody","ParseBodyWithOpts","ParseExpr","ParseImports","ParseModule","ParseModuleWithOpts","ParsePackage","ParseRef","ParseRule","ParseStatement","ParseStatements","ParseStatementsWithOpts","ParseTerm","Parser.Parse","Pretty","QueryContext.Copy","Ref.ConstantPrefix","Ref.Copy","Ref.Dynamic","Ref.Extend","Ref.OutputVars","Rule.Copy","SetComprehension.Copy","SomeDecl.Copy","Term.Copy","Term.Vars","Transform","TransformComprehensions","TransformRefs","TransformVars","TreeNode.DepthFirst","TypeEnv.Get","Unify","ValueMap.Copy","ValueMap.Equal","ValueMap.Hash","ValueMap.Iter","ValueMap.MarshalJSON","ValueMap.String","ValueToInterface","VarVisitor.Walk","Walk","WalkBeforeAndAfter","WalkBodies","WalkClosures","WalkExprs","WalkNodes","WalkRefs","WalkRules","WalkTerms","WalkVars","WalkWiths","With.Copy","baseDocEqIndex.AllRules","baseDocEqIndex.Build","baseDocEqIndex.Lookup","bodySafetyTransformer.Visit","comprehensionIndexNestedCandidateVisitor.Walk","comprehensionIndexRegressionCheckVisitor.Walk","metadataParser.Parse","object.Copy","object.Diff","object.Filter","object.Foreach","object.Intersect","object.Iter","object.Map","object.Merge","object.MergeWith","object.Until","queryCompiler.Compile","refChecker.Visit","refindices.Sorted","refindices.Update","rewriteDeclaredVarsInTerm","rewriteNestedHeadVarLocalTransform.Visit","ruleArgLocalRewriter.Visit","ruleWalker.Do","set.Copy","set.Diff","set.Foreach","set.Intersect","set.Iter","set.Map","set.Reduce","set.Union","set.Until","trieNode.Do","trieNode.Traverse","trieTraversalResult.Add","typeChecker.CheckBody","typeChecker.CheckTypes"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-0574.json"}}],"schema_version":"1.7.3"}