Name of the Vulnerable Software and Affected Versions:
vproxy versions 2.3.3 and below
Description:
vproxy is an HTTP/HTTPS/SOCKS5 proxy server. Untrusted data from the user-controlled HTTP Proxy-Authorization header is passed to `Extension::try_from` and then to `parse_ttl_extension`, where it is parsed as a TTL value. Supplying a TTL value of zero via the `username` in the Proxy-Authorization header (e.g., 'configuredUser-ttl-0') causes a division-by-zero panic in the `timestamp % ttl` modulo operation, leading to a denial-of-service condition and server crash.
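The failure mode described above and one way to guard against it, as an added example that is not vproxy's own code or its actual fix. The function names, the `-ttl-<n>` suffix parsing and the sample timestamp are assumptions built from the advisory's example username.

```rust
use std::num::NonZeroU64;

/// Unhardened form of the operation the advisory describes: integer `%`
/// panics when the divisor is zero, in debug and release builds alike.
#[allow(dead_code)]
fn remainder_unchecked(timestamp: u64, ttl: u64) -> u64 {
    timestamp % ttl
}

/// Hypothetical parser for the `-ttl-<n>` username suffix (name and exact
/// format are assumptions). Returns Ok(None) when no suffix is present and
/// Err when the TTL is not a number or is zero.
fn parse_ttl(username: &str) -> Result<Option<NonZeroU64>, String> {
    let Some((_, raw)) = username.rsplit_once("-ttl-") else {
        return Ok(None);
    };
    let value: u64 = raw.parse().map_err(|_| format!("invalid ttl: {raw:?}"))?;
    // NonZeroU64::new yields None for 0, so a zero TTL is rejected at the
    // trust boundary instead of reaching the modulo.
    NonZeroU64::new(value)
        .map(Some)
        .ok_or_else(|| "ttl must be greater than zero".to_string())
}

/// Hardened remainder: the parameter type guarantees a non-zero divisor.
fn remainder_checked(timestamp: u64, ttl: NonZeroU64) -> u64 {
    timestamp % ttl.get()
}

fn main() {
    let timestamp = 1_700_000_000; // constructed sample value
    for user in ["configuredUser-ttl-60", "configuredUser-ttl-0", "configuredUser"] {
        match parse_ttl(user) {
            Ok(Some(ttl)) => println!("{user}: remainder {}", remainder_checked(timestamp, ttl)),
            Ok(None) => println!("{user}: no ttl extension"),
            Err(e) => println!("{user}: rejected ({e})"),
        }
    }
}
```

Carrying the TTL as `NonZeroU64` moves the zero check into the parser, so every later use of the value is safe without a separate guard at each call site.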
Recommendations:
Upgrade to vproxy version 2.4.0 or later.