Search criteria
2 vulnerabilities by proxychains-ng_project
CVE-2025-34451 (GCVE-0-2025-34451)
Vulnerability from cvelistv5 – Published: 2025-12-18 21:16 – Updated: 2025-12-20 13:33
VLAI?
Title
rofl0r/proxychains-ng <= 4.17 Stack-based Buffer Overflow
Summary
rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.
Severity ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rofl0r | proxychains-ng |
Affected:
0 , ≤ 4.17
(semver)
Unaffected: commit cc005b7 (custom) |
Credits
Vlatko Kosturjak with Marlink Cyber
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34451",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T21:37:50.277828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:38:07.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-008-proxychains-ng-stack-buffer-overflow-proxy_from_string.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "proxychains-ng",
"packageURL": "pkg:github/rofl0r/proxychains-ng",
"product": "proxychains-ng",
"repo": "https://github.com/rofl0r/proxychains-ng",
"vendor": "rofl0r",
"versions": [
{
"lessThanOrEqual": "4.17",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "commit cc005b7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vlatko Kosturjak with Marlink Cyber"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations."
}
],
"value": "rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-20T13:33:26.831Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-008-proxychains-ng-stack-buffer-overflow-proxy_from_string.md"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/rofl0r/proxychains-ng/issues/606"
},
{
"tags": [
"patch"
],
"url": "https://github.com/httpsgithu/proxychains-ng/commit/cc005b7"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/rofl0r-proxychains-ng-stack-based-buffer-overflow"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "rofl0r/proxychains-ng \u003c= 4.17 Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34451",
"datePublished": "2025-12-18T21:16:18.730Z",
"dateReserved": "2025-04-15T19:15:22.602Z",
"dateUpdated": "2025-12-20T13:33:26.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2015-3887 (GCVE-0-2015-3887)
Vulnerability from cvelistv5 – Published: 2017-09-21 16:00 – Updated: 2024-08-06 05:56
VLAI?
Summary
Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:56:16.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150513 Re: CVE request for proxychains-ng : current path as the first directory for the library search path",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/13/11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rofl0r/proxychains-ng/commit/9ab7dbeb3baff67a51d0c5e71465c453be0890b5#diff-803c5170888b8642f2a97e5e9423d399"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147013"
},
{
"name": "74648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rofl0r/proxychains-ng/blob/v4.9/README#L56"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rofl0r/proxychains-ng/issues/60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150513 Re: CVE request for proxychains-ng : current path as the first directory for the library search path",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/13/11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rofl0r/proxychains-ng/commit/9ab7dbeb3baff67a51d0c5e71465c453be0890b5#diff-803c5170888b8642f2a97e5e9423d399"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147013"
},
{
"name": "74648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rofl0r/proxychains-ng/blob/v4.9/README#L56"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rofl0r/proxychains-ng/issues/60"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150513 Re: CVE request for proxychains-ng : current path as the first directory for the library search path",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/13/11"
},
{
"name": "https://github.com/rofl0r/proxychains-ng/commit/9ab7dbeb3baff67a51d0c5e71465c453be0890b5#diff-803c5170888b8642f2a97e5e9423d399",
"refsource": "CONFIRM",
"url": "https://github.com/rofl0r/proxychains-ng/commit/9ab7dbeb3baff67a51d0c5e71465c453be0890b5#diff-803c5170888b8642f2a97e5e9423d399"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1147013",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147013"
},
{
"name": "74648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74648"
},
{
"name": "https://github.com/rofl0r/proxychains-ng/blob/v4.9/README#L56",
"refsource": "CONFIRM",
"url": "https://github.com/rofl0r/proxychains-ng/blob/v4.9/README#L56"
},
{
"name": "https://github.com/rofl0r/proxychains-ng/issues/60",
"refsource": "CONFIRM",
"url": "https://github.com/rofl0r/proxychains-ng/issues/60"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3887",
"datePublished": "2017-09-21T16:00:00",
"dateReserved": "2015-05-12T00:00:00",
"dateUpdated": "2024-08-06T05:56:16.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}