CVE-2023-42444

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Sep 19, 2023
Updated: Sep 22, 2023
CWE ID 392
CWE ID 248
CWE ID 1284

Summary

CVE-2023-42444 is a vulnerability affecting the phonenumber library in versions prior to 0.3.3+8.13.9 and 0.2.5+8.11.3. It arises from a panic-guarded out-of-bounds access on the phone number string, which can be triggered by sending a maliciously crafted phone number over the network, specifically the string `.;phone-context=`. The affected products include swtrb9, swtrb_, swtrb-, swtrcE, swtrcB, swtrcA, swtrcD, and swtrcC. To remediate this issue, update to version 0.3.3+8.13.9 or 0.2.5+8.11.3, both of which contain a patch for the vulnerability. The vulnerability is rated high severity: according to the CVSS:3.1 metrics provided by [email protected], it has a base severity score of 8.6 out of 10 and an impact score of 4.0 out of 10.
