Approved changes feed: RSS · Atom
cpe:2.3:a:0x676e67:vproxy:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | 0X676E67 (f2c96753-6a72-5ce2-ad7d-76a38392aab6) |
|---|---|
| Product | Vproxy (5953b7c6-8451-5b64-949c-68edee4f0708) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-54581 |
vulnerable | 2026-06-08 07:33:12.879998 |
vproxy is vulnerable to a divide by zero DoS attack
HIGH (7.5)
vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL value. If an attacker supplies a TTL of zero (e.g. by using a username such as 'configuredUser-ttl-0'), the modulo operation 'timestamp % ttl' will cause a division by zero panic, causing the server to crash causing a denial-of-service. This is fixed in version 2.4.0.
Published: 2025-07-30T19:57:46.454Z
Updated: 2025-07-30T20:23:36.826Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.