Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vproxy is vulnerable to a divide by zero DoS attack
Vulnerability Description
vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL value. If an attacker supplies a TTL of zero (e.g. by using a username such as 'configuredUser-ttl-0'), the modulo operation 'timestamp % ttl' will cause a division by zero panic, causing the server to crash causing a denial-of-service. This is fixed in version 2.4.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
除零错误
Vulnerability Title
vproxy 数字错误漏洞
Vulnerability Description
vproxy是0x676e67个人开发者的一个高性能的HTTP/HTTPS/SOCKS5代理服务器软件。 vproxy 2.3.3及之前版本存在数字错误漏洞,该漏洞源于处理Proxy-Authorization标头时可能导致除零崩溃,导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A