{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T00:32:01.131","vulnerabilities":[{"cve":{"id":"CVE-2023-42444","sourceIdentifier":"security-advisories@github.com","published":"2023-09-19T15:15:56.660","lastModified":"2026-06-17T06:23:50.550","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. Versions `0.3.3+8.13.9` and `0.2.5+8.11.3` contain a patch for this issue. There are no known workarounds."},{"lang":"es","value":"Phonenumber es una librería para analizar, formatear y validar números de teléfono internacionales. Antes de las versiones `0.3.3+8.13.9` y `0.2.5+8.11.3`, el código parseado de phonenumber podía entrar en pánico debido a un acceso fuera de los límites protegido contra el pánico en la cadena phonenumber. En una implementación típica de `rust-phonenumber`, esto puede desencadenarse al introducir un phonenumber creado con fines malintencionados a través de la red, específicamente la cadena `.;phone-context=`. Las versiones `0.3.3+8.13.9` y `0.2.5+8.11.3` contienen un parche para este problema. No se conocen workarounds."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"whisperfish","product":"rust-phonenumber","versions":[{"version":"< 0.2.5+8.11.3","status":"affected"},{"version":">= 0.3.0, < 0.3.3+8.3.19","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-24T20:46:29.902328Z","id":"CVE-2023-42444","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-248"},{"lang":"en","value":"CWE-392"},{"lang":"en","value":"CWE-1284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:whisperfish:phonenumber:*:*:*:*:*:rust:*:*","versionEndExcluding":"0.2.5\\+8.11.3","matchCriteriaId":"43C3C6E2-A892-4A2B-BABF-1792410DA003"},{"vulnerable":true,"criteria":"cpe:2.3:a:whisperfish:phonenumber:*:*:*:*:*:rust:*:*","versionStartIncluding":"0.3.0\\+8.12.9","versionEndExcluding":"0.3.3\\+8.13.9","matchCriteriaId":"2472D45E-43EB-480B-B550-66DC11713F8F"}]}]}],"references":[{"url":"https://github.com/whisperfish/rust-phonenumber/commit/2dd44be94539c051b4dee55d1d9d349bd7bedde6","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/whisperfish/rust-phonenumber/commit/bea8e732b9cada617ede5cf51663dba183747f71","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-whhr-7f2w-qqj2","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/whisperfish/rust-phonenumber/commit/2dd44be94539c051b4dee55d1d9d349bd7bedde6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/whisperfish/rust-phonenumber/commit/bea8e732b9cada617ede5cf51663dba183747f71","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/whisperfish/rust-phonenumber/security/advisories/GHSA-whhr-7f2w-qqj2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}