{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T09:53:11.338","vulnerabilities":[{"cve":{"id":"CVE-2025-54581","sourceIdentifier":"security-advisories@github.com","published":"2025-07-30T20:15:37.907","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL value. If an attacker supplies a TTL of zero (e.g. by using a username such as 'configuredUser-ttl-0'), the modulo operation 'timestamp % ttl' will cause a division by zero panic, causing the server to crash causing a denial-of-service. This is fixed in version 2.4.0."},{"lang":"es","value":"vproxy es un servidor proxy HTTP/HTTPS/SOCKS5. En las versiones 2.3.3 y anteriores, los datos no confiables se extraen del encabezado HTTP Proxy-Authorization, controlado por el usuario, se pasan a Extension::try_from y fluyen a parse_ttl_extension, donde se analizan como un valor TTL. Si un atacante proporciona un valor TTL de cero (por ejemplo, usando un nombre de usuario como 'configuredUser-ttl-0'), la operación de módulo 'timestamp % ttl' provocará un pánico por división por cero, lo que provocará el bloqueo del servidor y una denegación de servicio. Esto se solucionó en la versión 2.4.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-369"}]}],"references":[{"url":"https://github.com/0x676e67/vproxy/commit/aa1bf64c5e7f1c471395f9f29175ffc1b16a1079","source":"security-advisories@github.com"},{"url":"https://github.com/0x676e67/vproxy/releases/tag/v2.4.0","source":"security-advisories@github.com"},{"url":"https://github.com/0x676e67/vproxy/security/advisories/GHSA-7h24-c332-p48c","source":"security-advisories@github.com"}]}}]}