The phonenumber parsing code may panic due to a reachable assert!
guard on the phonenumber string.
In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form +dwPAA;phone-context=AA
, where the "number" part potentially parses as a number larger than 2^56.
Since f69abee1/0.3.4/#52.
0.2.x series is not affected.
Patches have been published as version 0.3.6+8.13.36
.
{ "license": "CC0-1.0" }