Source: proxychains-ng
Version: 4.17-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/rofl0r/proxychains-ng/issues/606
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for proxychains-ng.

CVE-2025-34451[0]:
| rofl0r/proxychains-ng versions up to and including 4.17 and prior to
| commit cc005b7 contain a stack-based buffer overflow vulnerability
| in the function proxy_from_string() located in src/libproxychains.c.
| When parsing crafted proxy configuration entries containing overly
| long username or password fields, the application may write beyond
| the bounds of fixed-size stack buffers, leading to memory corruption
| or crashes. This vulnerability may allow denial of service and,
| under certain conditions, could be leveraged for further
| exploitation depending on the execution environment and applied
| mitigations.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-34451
    https://www.cve.org/CVERecord?id=CVE-2025-34451
[1] https://github.com/rofl0r/proxychains-ng/issues/606
[2] https://github.com/rofl0r/proxychains-ng/commit/cc005b7132811c9149e77b5e33cff359fc95512e

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
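
The kind of check the CVE description above points to, rejecting username and password fields that do not fit their fixed-size buffers before copying them, shown as an added example; it is not code from proxychains-ng or from this report. The `user:pass@host:port` entry layout, the `CRED_MAX` size and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CRED_MAX 256 /* assumed field size, not taken from proxychains-ng */

/* Copy src[0..len) into dst only if it fits together with its NUL byte. */
static int copy_field(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (len >= dst_size)
        return -1; /* overlong field: reject, never write past dst */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/*
 * Hypothetical helper: split "user:pass@host:port" into caller-owned buffers.
 * Returns 0 on success, -1 on malformed or overlong input.
 */
int parse_credentials(const char *entry, char *user, size_t user_size,
                      char *pass, size_t pass_size)
{
    const char *at = strrchr(entry, '@'); /* last '@' ends the credentials */
    if (!at)
        return -1;
    const char *colon = memchr(entry, ':', (size_t)(at - entry));
    if (!colon)
        return -1;
    if (copy_field(user, user_size, entry, (size_t)(colon - entry)) != 0)
        return -1;
    return copy_field(pass, pass_size, colon + 1, (size_t)(at - colon - 1));
}

int main(void)
{
    char user[CRED_MAX], pass[CRED_MAX];
    char longentry[1024]; /* constructed input: 600-byte username field */

    memset(longentry, 'A', 600);
    strcpy(longentry + 600, ":pw@127.0.0.1:1080");

    printf("normal entry:   %d\n", parse_credentials("alice:s3cret@127.0.0.1:1080",
           user, sizeof user, pass, sizeof pass));
    printf("overlong entry: %d\n", parse_credentials(longentry,
           user, sizeof user, pass, sizeof pass));
    return 0;
}
```
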

