{"id":"CVE-2025-10954","details":"Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a \"runtime error: slice bounds out of range\".","aliases":["GHSA-fmjh-f678-cv3x","GO-2025-3987"],"modified":"2026-03-23T05:13:10.277514Z","published":"2025-09-27T05:15:29.803Z","related":["CGA-4wc2-wjqc-6ccm","openSUSE-SU-2025:15710-1"],"references":[{"type":"FIX","url":"https://github.com/nyaruka/phonenumbers/commit/0479e35488e8a002a261cdb515ef8a7f80ca37fe"},{"type":"FIX","url":"https://github.com/nyaruka/phonenumbers/issues/148"},{"type":"EVIDENCE","url":"https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMNYARUKAPHONENUMBERS-6084070"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nyaruka/phonenumbers","events":[{"introduced":"0"},{"fixed":"aa880baf71ec781da2a48da676df8352ac4eb3fc"},{"fixed":"0479e35488e8a002a261cdb515ef8a7f80ca37fe"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.2.2"}]}}],"versions":["v0.1.0","v0.1.1","v0.1.891","v1.0.0","v1.0.1","v1.0.10","v1.0.11","v1.0.12","v1.0.13","v1.0.14","v1.0.15","v1.0.16","v1.0.17","v1.0.18","v1.0.19","v1.0.2","v1.0.20","v1.0.21","v1.0.22","v1.0.23","v1.0.24","v1.0.25","v1.0.26","v1.0.27","v1.0.28","v1.0.29","v1.0.3","v1.0.30","v1.0.31","v1.0.32","v1.0.33","v1.0.34","v1.0.35","v1.0.36","v1.0.37","v1.0.38","v1.0.39","v1.0.4","v1.0.40","v1.0.41","v1.0.42","v1.0.43","v1.0.44","v1.0.45","v1.0.46","v1.0.47","v1.0.48","v1.0.49","v1.0.5","v1.0.50","v1.0.51","v1.0.52","v1.0.53","v1.0.54","v1.0.55","v1.0.56","v1.0.57","v1.0.58","v1.0.59","v1.0.6","v1.0.60","v1.0.61","v1.0.62","v1.0.63","v1.0.64","v1.0.65","v1.0.66","v1.0.67","v1.0.68","v1.0.69","v1.0.7","v1.0.70","v1.0.71","v1.0.72","v1.0.73","v1.0.74","v1.0.75","v1.0.8","v1.0.9","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.9","v1.2.0","v1.2.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-10954.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}