CVE-2023-42444

🗓️ 19 Sep 2023 14:47:22Reported by GitHub_MType

phonenumber library prior to versions 0.3.3+8.13.9 and 0.2.5+8.11.3 allows panic-guarded out-of-bounds access on the phone number string, triggering with a maliciously crafted input

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2023-42444	19 Sep 202318:29	–	circl
CNNVD	phonenumber Security Vulnerabilities	19 Sep 202300:00	–	cnnvd
Cvelist	CVE-2023-42444 phonenumber panics on parsing crafted RF3966 inputs	19 Sep 202314:47	–	cvelist
EUVD	EUVD-2023-2608	3 Oct 202520:07	–	euvd
Github Security Blog	phonenumber panics on parsing crafted RFC3966 inputs	21 Sep 202317:10	–	github
NVD	CVE-2023-42444	19 Sep 202315:15	–	nvd
OSV	CVE-2023-42444 phonenumber panics on parsing crafted RF3966 inputs	19 Sep 202314:47	–	osv
OSV	GHSA-WHHR-7F2W-QQJ2 phonenumber panics on parsing crafted RFC3966 inputs	21 Sep 202317:10	–	osv
OSV	RUSTSEC-2023-0082 phonenumber: panic on parsing crafted RF3966 phonenumber inputs	19 Sep 202312:00	–	osv
Prion	Out-of-bounds	19 Sep 202315:15	–	prion

NVD

Vulners

Node

whisperfish phonenumberRange<0.2.5+8.11.3rust

whisperfish phonenumberRange0.3.0+8.12.9–0.3.3+8.13.9rust

[
  {
    "vendor": "whisperfish",
    "product": "rust-phonenumber",
    "versions": [
      {
        "version": "< 0.2.5+8.11.3",
        "status": "affected"
      },
      {
        "version": ">= 0.3.0, < 0.3.3+8.3.19",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-whhr-7f2w-qqj2
github	www.github.com/whisperfish/rust-phonenumber/commit/2dd44be94539c051b4dee55d1d9d349bd7bedde6
github	www.github.com/whisperfish/rust-phonenumber/commit/bea8e732b9cada617ede5cf51663dba183747f71

21 Nov 2024 08:22Current

8High risk

Vulners AI Score8

CVSS 3.17.5 - 8.6

EPSS0.00552

SSVC

cve-2023-42444 phonenumber library parsing formatting validating international phone numbers security vulnerability rust-phonenumber patch