2423732 – (CVE-2025-34451) CVE-2025-34451 proxychains-ng: proxychains-ng: Denial of Service due to stack-based buffer overflow via crafted proxy configuration

Bug 2423732 (CVE-2025-34451) - CVE-2025-34451 proxychains-ng: proxychains-ng: Denial of Service due to stack-based buffer overflow via crafted proxy configuration

Summary: CVE-2025-34451 proxychains-ng: proxychains-ng: Denial of Service due to stack...

Keywords:
Status:	NEW
Alias:	CVE-2025-34451
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2423793 2423794 2423795 2423796 2423797
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-18 22:02 UTC by OSIDB Bzimport
Modified:	2025-12-19 06:49 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-18 22:02:11 UTC

rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.

Note You need to log in before you can comment on or make changes to this bug.