CVE-2024-39697

HIGH Year: 2024
CVSS v3 Score
8.6
High
Weakness Type
CWE-284
View all →

Vulnerability Description

phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the "number" part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6.

Related Vulnerabilities

CVE-2016-10124

HIGH
CVSS:8.6(High)

An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push ch...

CWE-2842016

CVE-2016-5574

HIGH
CVSS:8.6(High)

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and avai...

CWE-2842016

CVE-2016-5577

HIGH
CVSS:8.6(High)

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and avai...

CWE-2842016

CVE-2016-5578

HIGH
CVSS:8.6(High)

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and avai...

CWE-2842016

CVE-2016-5579

HIGH
CVSS:8.6(High)

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and avai...

CWE-2842016

CVE-2016-5588

HIGH
CVSS:8.6(High)

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and avai...

CWE-2842016