rofl0r/proxychains-ng

6.9 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.

Basic Information

ID CVE-2025-34451

Source VulnCheck

Published Dec 18, 2025 at 21:16

Modified Dec 18, 2025 at 21:38

Affected Product

Vendor rofl0r

Product proxychains-ng

Affected Versions rofl0r proxychains-ng 0

CWE Classification

CWE-121

References

{
    "lastseen": "",
    "description": "rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.",
    "published": "2025-12-18T21:16:18.730Z",
    "modified": "2025-12-18T21:38:07.266Z",
    "type": "cve",
    "title": "rofl0r/proxychains-ng <= 4.17 Stack-based Buffer Overflow",
    "source": "VulnCheck",
    "references": "https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-008-proxychains-ng-stack-buffer-overflow-proxy_from_string.md\nhttps://github.com/rofl0r/proxychains-ng/issues/606\nhttps://github.com/httpsgithu/proxychains-ng/commit/cc005b7\nhttps://www.vulncheck.com/advisories/rofl0r-proxychains-ng-stack-based-buffer-overflow",
    "id": "CVE-2025-34451",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121"
    ],
    "cvelist": null,
    "sourceData": "rofl0r proxychains-ng 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "proxychains-ng",
    "version": "0",
    "vendor": "rofl0r",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

rofl0r/proxychains-ng <= 4.17 Stack-based Buffer Overflow_CVE-2025-34451