HIGH🇬🇧 English

CVE-2023-42444

CVSS 8.6v3.1pub. 2023-09-19upd. 2024-11-21

phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. Versions `0.3.3+8.13.9` and `0.2.5+8.11.3` contain a patch for this issue. There are no known workarounds.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • Whisperfish Phonenumber

    APP
    Whisperfish
    < 0.2.5\+8.11.30.3.0\+8.12.9 – 0.3.3\+8.13.9 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2023-42447HIGH8.6ten sam vendor

blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that ca...