CVE-2025-10954

CVSS 6.9 MEDIUMEPSS 0.4%CWE-1286

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range".

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

n/a · github.com/nyaruka/phonenumbers

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/nyaruka/phonenumbers/commit/0479e35488e8a002a261cdb515ef8a7f80ca37fe https://github.com/nyaruka/phonenumbers/issues/148 https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMNYARUKAPHONENUMBERS-6084070