CVE-2023-42444: 
Rust vulnerability analysis and mitigation

The vulnerability (CVE-2023-42444) affects the rust-phonenumber library, which is used for parsing, formatting, and validating international phone numbers. The issue was discovered and disclosed on September 19, 2023. The vulnerability affects versions prior to 0.3.3+8.13.9 and 0.2.5+8.11.3 (Vendor Advisory).

The vulnerability is related to a panic-guarded out-of-bounds access on the phonenumber string during parsing. The issue has been assigned a CVSS v3.1 base score of 8.6 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H. The vulnerability is associated with multiple CWE classifications including CWE-1284 (Improper Validation of Specified Quantity in Input), CWE-392 (Missing Report of Error Condition), and CWE-248 (Uncaught Exception) (NVD).

When exploited, this vulnerability can cause the application to crash through a panic in the phonenumber parsing code. In a typical deployment scenario, this can be triggered remotely by sending a maliciously crafted phonenumber string, specifically '.;phone-context=' (Vendor Advisory).

The vulnerability has been patched in versions 0.3.3+8.13.9 and 0.2.5+8.11.3. Users should upgrade to these or later versions. No workarounds are available for unpatched versions (Vendor Advisory).