Vulnerability Key Information Summary

Title: Integer overflow in port parsing allows filter bypass

Affected Version: Latest version of TinyProxy

Bug Description:
- TinyProxy uses with format to parse the port number without checking for range.
- Sending a port like can cause an integer overflow and wrap it back to .

Impact:
- Security Bypass: Attackers can bypass security controls and filter rules that depend on host and port matching.
- Privilege Escalation: Unauthorized access to backend systems if TinyProxy acts as a gateway.

Proof of Concept:
1. Setup TinyProxy to block port .
2. Create a backend Flask server.
3. Send a normal request – gets blocked.
4. Bypass using integer overflow: Send a request with port number exceeding which wraps back within range and passes filter.

Remediation:
- Add explicit port range validation using .
- Proposed fix: Use instead of and check the returned value and for overflow.
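
The range validation described under Remediation, as an added example that is not TinyProxy's code or the reporter's patch: a port parser that rejects out-of-range input, next to a 16-bit truncating parse that shows why a filter comparing the parsed value can disagree with the number that was sent. The function names, the choice of `strtol` with `errno`, and the sample value 65616 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Illustration of the bug class (hypothetical helper): the parsed number is
 * stored in 16 bits with no range check, so it is reduced modulo 65536. */
uint16_t parse_port_truncating(const char *s)
{
    return (uint16_t)strtoul(s, NULL, 10);
}

/* Hardened parse (hypothetical helper, not TinyProxy code).
 * Returns 0 and stores the port in *out on success, -1 on invalid input. */
int parse_port_checked(const char *s, uint16_t *out)
{
    char *end;
    long v;

    /* strtol skips leading whitespace and accepts a sign; refuse both. */
    if (s == NULL || *s < '0' || *s > '9')
        return -1;

    errno = 0;
    v = strtol(s, &end, 10);

    if (errno == ERANGE)             /* value did not fit in a long */
        return -1;
    if (*end != '\0')                /* trailing non-digit characters */
        return -1;
    if (v < 1 || v > 65535)          /* outside the valid TCP port range */
        return -1;

    *out = (uint16_t)v;              /* safe: range was checked above */
    return 0;
}
```

Any filter or ACL decision should be made on the value returned by the checked parser, so the number that is matched is the same number that is later used to connect.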