Approved changes feed: RSS · Atom

cpe:2.3:a:0x676e67:vproxy:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor0X676E67 (f2c96753-6a72-5ce2-ad7d-76a38392aab6)
ProductVproxy (5953b7c6-8451-5b64-949c-68edee4f0708)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-54581 vulnerable 2026-06-08 07:33:12.879998 vproxy is vulnerable to a divide by zero DoS attack
HIGH (7.5)
vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL value. If an attacker supplies a TTL of zero (e.g. by using a username such as 'configuredUser-ttl-0'), the modulo operation 'timestamp % ttl' will cause a division by zero panic, causing the server to crash causing a denial-of-service. This is fixed in version 2.4.0.
Published: 2025-07-30T19:57:46.454Z
Updated: 2025-07-30T20:23:36.826Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.