QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34451

Published: Dec 18, 2025

Modified: May 14, 2026

PUBLISHED

Description

rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.

Vendor	Product	Versions
rofl0r	proxychains-ng	affected `0 - <= 4.17` unaffected `cc005b7132811c9149e77b5e33cff359fc95512e`

Weaknesses (CWE)

References

https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-008-proxychains-ng-stack-buffer-overflow-proxy_from_string.md

technical-description

exploit

https://github.com/rofl0r/proxychains-ng/issues/606

issue-tracking

https://github.com/httpsgithu/proxychains-ng/commit/cc005b7

patch

https://www.vulncheck.com/advisories/rofl0r-proxychains-ng-stack-based-buffer-overflow

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.