Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
phonenumber panics on parsing crafted RF3966 inputs
Vulnerability Description
phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. Versions `0.3.3+8.13.9` and `0.2.5+8.11.3` contain a patch for this issue. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Vulnerability Type
未捕获的异常
Vulnerability Title
phonenumber 安全漏洞
Vulnerability Description
phonenumber是Whisperfish开源的一个用于解析、格式化和验证国际电话号码的库。 phonenumber 0.3.3之前版本存在安全漏洞,该漏洞源于phone numbers字符串上的紧急保护存在越界访问,phonenumber解析代码时可能会发生紧急情况。 在典型的部署中rust-phonenumber,这可能是通过通过网络提供恶意制作的电话号码(特别是字符串)来触发的.;phone-context=。。
CVSS Information
N/A
Vulnerability Type
N/A