Lucene search

[email protected]CVE-2022-28946

HistoryMay 19, 2022 - 7:15 p.m.

CVE-2022-28946

2022-05-1919:15:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2022-28946

open policy agent

nvd

security

vulnerability

dos

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

37.5%

JSON

An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.

CPENameOperatorVersion
openpolicyagent:open_policy_agentopenpolicyagent open policy agenteq0.39.0

CPE	Name	Operator	Version
openpolicyagent:open_policy_agent	openpolicyagent open policy agent	eq	0.39.0

References

github.com/open-policy-agent/opa/commit/e9d3828db670cbe11129885f37f08cbf04935264

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

37.5%

JSON

Related for CVE-2022-28946

github1 osv3 veracode1 cnvd1 prion1 openvas1 suse2