Lucene search
PRIOn knowledge basePRION:CVE-2023-42444HistorySep 19, 2023 - 3:15 p.m.
Out-of-bounds
2023-09-1915:15:00
PRIOn knowledge base
www.prio-n.com
9
out-of-bounds access
phonenumber parsing
international phone numbers
panic-guarded
network vulnerability
patch
nvd
0.001 Low
EPSS
Percentile
20.2%
phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions 0.3.3+8.13.9 and 0.2.5+8.11.3, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string .;phone-context=. Versions 0.3.3+8.13.9 and 0.2.5+8.11.3 contain a patch for this issue. There are no known workarounds.
| CPE | Name | Operator | Version |
|---|---|---|---|
| phonenumber | eq | < 0.2.58.11.3 | |
| phonenumber | eq | >= 0.3.8.12.9 AND < 0.3.38.13.9 |
Related
cve
cve
CVE-2023-42444
2023-09-19 15:15:56
cvelist
cvelist
CVE-2023-42444 phonenumber panics on parsing crafted RF3966 inputs
2023-09-19 14:47:22
nvd
nvd
CVE-2023-42444
2023-09-19 15:15:56
github
github
phonenumber panics on parsing crafted RFC3966 inputs
2023-09-21 17:10:57
osv
osv
phonenumber panics on parsing crafted RFC3966 inputs
2023-09-21 17:10:57
phonenumber: panic on parsing crafted RF3966 phonenumber inputs
2023-09-19 12:00:00
CVE-2023-42444
2023-09-19 15:15:56