CVE-2024-25398 identifies a denial of service (DoS) vulnerability in Srelay version 0.4.8p3, a widely used SOCKS proxy and relay software. The vulnerability arises when the software processes a specially crafted network payload that causes resource exhaustion or crashes, leading to service disruption. Classified under CWE-400, this vulnerability exploits the software's inability to handle certain malformed or malicious inputs, resulting in denial of service. The CVSS 3.1 base score is 7.5 (high), reflecting the vulnerability's network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N, I:N), but high impact on availability (A:H). This means an unauthenticated attacker can remotely trigger the DoS condition without user involvement, causing the proxy service to become unavailable. No patches or fixes have been released yet, and no known exploits have been observed in the wild. The vulnerability affects Srelay version 0.4.8p3, though the exact affected versions are not fully enumerated. Given Srelay’s role in proxying network traffic, disruption can affect dependent applications and network segments relying on it for SOCKS proxy functionality.

The primary impact of CVE-2024-25398 is the disruption of availability of Srelay proxy services. Organizations using Srelay for SOCKS proxying may experience service outages, which can interrupt network traffic routing, degrade user experience, and potentially impact dependent applications or services. Since the vulnerability does not affect confidentiality or integrity, data breaches or unauthorized data modification are not direct concerns. However, denial of service on proxy infrastructure can indirectly affect business continuity, especially in environments where Srelay is critical for network segmentation, anonymization, or access control. The ease of exploitation (no authentication or user interaction required) increases the risk of opportunistic attacks. Although no exploits are currently known in the wild, the public disclosure and high CVSS score may motivate attackers to develop exploits. Organizations worldwide that rely on Srelay or similar SOCKS proxy implementations are at risk, particularly those with exposed proxy services accessible over the network.

1. Monitor network traffic for unusual or malformed payloads targeting Srelay services, using intrusion detection systems or network anomaly detection tools. 2. Restrict network access to Srelay instances by implementing firewall rules or access control lists to limit exposure to untrusted networks and reduce attack surface. 3. Deploy rate limiting or connection throttling on proxy services to mitigate resource exhaustion attempts. 4. Regularly review and update proxy software configurations to minimize unnecessary services or features that could be exploited. 5. Stay informed about vendor or community updates for Srelay and apply patches or updates immediately once available. 6. Consider deploying alternative or additional proxy solutions with more robust security postures if Srelay remains unpatched. 7. Implement redundancy and failover mechanisms for proxy services to maintain availability during potential DoS attacks. 8. Conduct penetration testing and vulnerability assessments focusing on proxy infrastructure to identify and remediate weaknesses proactively.