phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions 0.3.3+8.13.9 and 0.2.5+8.11.3, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string .;phone-context=. Versions 0.3.3+8.13.9 and 0.2.5+8.11.3 contain a patch for this issue. There are no known workarounds.
An exception is thrown from a function, but it is not caught.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phonenumber | Whisperfish | * | 0.2.5+8.11.3 (excluding) |
| Phonenumber | Whisperfish | 0.3.0+8.12.9 (including) | 0.3.3+8.13.9 (excluding) |