CVE-2025-34451

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-34451
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34451.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-34451
Downstream
Published
2025-12-18T22:15:56.320Z
Modified
2026-03-15T21:45:23.189233Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxyfromstring() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.

References

Affected packages

Git / github.com/httpsgithu/proxychains-ng

Affected ranges

Type
GIT
Repo
https://github.com/httpsgithu/proxychains-ng
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cc005b7
Type
GIT
Repo
https://github.com/rofl0r/proxychains-ng
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
282ac7dd02fe229b77af11ee6dd902956d306c9b
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.17"
        }
    ]
}

Affected versions

v4.*
v4.1
v4.10
v4.11
v4.12
v4.13
v4.14
v4.15
v4.16
v4.17
v4.2
v4.3
v4.4
v4.5
v4.6
v4.7
v4.8
v4.8.1
v4.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34451.json"