Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
phonenumber panics on parsing crafted phonenumber inputs
Vulnerability Description
phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the "number" part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
phonenumber 安全漏洞
Vulnerability Description
phonenumber是Whisperfish开源的一个用于解析、格式化和验证国际电话号码的库。 phonenumber 0.3.4版本至0.3.6之前版本存在安全漏洞,该漏洞源于存在越界访问。
CVSS Information
N/A
Vulnerability Type
N/A