The phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string.
In a typical deployment of rust-phonenumber
, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string .;phone-context=
.
Patches will be published as version 0.3.3+8.13.9
and backported as 0.2.5+8.11.3
.
n.a.
n.a.
{ "nvd_published_at": "2023-09-19T15:15:56Z", "cwe_ids": [ "CWE-1284", "CWE-248", "CWE-392" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-09-21T17:10:57Z" }