Unknown · Phonenumber · CVE-2023-42444
**Name of the Vulnerable Software and Affected Versions**
phonenumber versions prior to 0.3.3+8.13.9
phonenumber versions prior to 0.2.5+8.11.3
**Description**
The phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phone number string. In a typical deployment of rust-phonenumber, this may be triggered by feeding it a maliciously crafted phone number over the network, specifically the string `.;phone-context=`.
**Recommendations**
For versions prior to 0.3.3+8.13.9, update to version 0.3.3+8.13.9 to resolve the issue.
For versions prior to 0.2.5+8.11.3, update to version 0.2.5+8.11.3 to resolve the issue.
As a temporary workaround, consider restricting the input of phone numbers to prevent maliciously crafted strings from being processed.
Avoid passing the string `.;phone-context=` to the phonenumber parsing code until the issue is resolved.
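One way to apply the temporary workaround in a service that cannot upgrade immediately, as an added example that is not code from the phonenumber project: filter untrusted input before parsing and contain any parser panic. All names here (`prefilter`, `guarded_parse`, `MAX_LEN`, the allowlist) are hypothetical, and `stand_in_parser` is a constructed stand-in for the crate's parse call so the block runs without dependencies.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};

#[derive(Debug, PartialEq)]
pub enum Rejected { TooLong, BadCharacter(char), NoDigits, EmptyPhoneContext, ParserPanicked }
pub type Parsed<T> = Result<Option<T>, Rejected>;

const MAX_LEN: usize = 64; // assumed limit, tune per deployment

/// Cheap structural checks on untrusted input before it reaches the parser.
pub fn prefilter(input: &str) -> Result<(), Rejected> {
    if input.len() > MAX_LEN { return Err(Rejected::TooLong); }
    // Allowlist: alphanumerics, usual separators, and RFC 3966 parameter syntax.
    let allowed = |c: char| c.is_ascii_alphanumeric() || " +-.()/:;=".contains(c);
    if let Some(c) = input.chars().find(|&c| !allowed(c)) { return Err(Rejected::BadCharacter(c)); }
    // The part before the first ';' must contain at least one digit.
    let mut parts = input.split(';');
    let number = parts.next().unwrap_or("");
    if !number.chars().any(|c| c.is_ascii_digit()) { return Err(Rejected::NoDigits); }
    // A phone-context parameter must carry a non-empty value.
    if parts.any(|p| p.strip_prefix("phone-context=") == Some("")) { return Err(Rejected::EmptyPhoneContext); }
    Ok(())
}

/// Turns a parser panic into an error instead of unwinding the calling thread.
/// Needs panic=unwind (the default); with panic=abort the process still dies.
pub fn catch_panics<T>(input: &str, parse: impl FnOnce(&str) -> Option<T>) -> Parsed<T> {
    catch_unwind(AssertUnwindSafe(|| parse(input))).map_err(|_| Rejected::ParserPanicked)
}

/// Filter first, then parse with panics contained.
pub fn guarded_parse<T>(input: &str, parse: impl FnOnce(&str) -> Option<T>) -> Parsed<T> {
    prefilter(input)?;
    catch_panics(input, parse)
}

/// Constructed stand-in for a parser: panics on the advisory's string.
pub fn stand_in_parser(s: &str) -> Option<String> {
    if s == ".;phone-context=" { panic!("simulated parser panic"); }
    Some(s.chars().filter(|c| c.is_ascii_digit()).collect())
}

fn main() {
    for s in [".;phone-context=", "+1 555;phone-context=", "+1 201-555-0123"] {
        println!("{:?} -> {:?}", s, guarded_parse(s, stand_in_parser));
    }
}
```

The filter narrows what reaches the parser and the panic boundary limits the impact of anything it misses; neither replaces updating to a fixed version.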