CVE-2025-34451: CWE-121 Stack-based Buffer Overflow in rofl0r proxychains-ng
rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.
AI Analysis
Technical Summary
CVE-2025-34451 is a stack-based buffer overflow vulnerability identified in the open-source tool proxychains-ng, specifically in versions up to 4.17 and prior to commit cc005b7. The vulnerability resides in the proxy_from_string() function within src/libproxychains.c, which is responsible for parsing proxy configuration strings. When processing crafted proxy entries containing overly long username or password fields, the function writes beyond the bounds of fixed-size stack buffers. This buffer overflow leads to memory corruption, which can cause application crashes or denial of service. Depending on the execution environment, such as the presence or absence of stack canaries, ASLR, and other memory protections, an attacker might exploit this overflow to execute arbitrary code or escalate privileges. However, exploitation requires the attacker to supply malicious proxy configuration entries, implying local or controlled access to configuration files. Exploitation needs no user interaction or authentication, and it does not go through network access, which limits remote exploitation. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N) reflects a local attack vector with low complexity and no privileges or user interaction needed, but with high impact on availability. No public exploits have been reported yet, and no official patches are linked, though the vulnerability is fixed in commits after cc005b7. This vulnerability is categorized under CWE-121, a common and critical class of stack-based buffer overflows.
Potential Impact
The primary impact of CVE-2025-34451 is denial of service due to application crashes caused by memory corruption. For organizations relying on proxychains-ng for routing network traffic through proxies, this can disrupt operations, especially in environments where proxychains-ng is integrated into automated workflows or security tools. In certain environments lacking robust memory protections, attackers with local access might escalate the impact to remote code execution or privilege escalation, posing a significant security risk. The vulnerability could be exploited by malicious insiders or attackers who have gained limited access to systems to manipulate proxy configuration files. While no remote exploitation vector exists, the disruption of proxy services can affect confidentiality and integrity indirectly by interrupting secure communications or anonymization services. The scope is limited to systems running vulnerable versions of proxychains-ng, which is popular among penetration testers, security researchers, and privacy-conscious users. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as the vulnerability is publicly disclosed.
Mitigation Recommendations
Organizations should immediately audit their use of proxychains-ng and identify any instances running versions up to 4.17 or prior to commit cc005b7. Until official patches are released, users should avoid using untrusted proxy configuration files and implement strict validation and sanitization of proxy usernames and passwords. Employing runtime memory protection mechanisms such as stack canaries, ASLR, and DEP can reduce exploitation risk. Restrict file system permissions on proxy configuration files to prevent unauthorized modification. Consider using alternative proxy tools with active maintenance if patching is delayed. Monitor system logs for crashes or unusual behavior related to proxychains-ng. Once patches or updated versions are available, apply them promptly. Additionally, incorporate input length checks in any custom scripts or wrappers that generate proxy configuration entries to prevent buffer overflow conditions.
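One way to apply the input length checks recommended above, as an added example that is not proxychains-ng's own code: a parser for a `user:pass@host` credential string that rejects any field too long for its destination buffer instead of copying it. The entry format, the function names and the 256-byte `CRED_MAX` are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define CRED_MAX 256 /* assumed field size for this example, not the project's */

/* Copy len bytes into dst only if they fit together with the NUL terminator. */
static int bounded_copy(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (len >= dst_size)
        return -1; /* reject: never truncate silently, never write past dst */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Parse "user:pass@host" (hypothetical entry format).
 * Returns 0 on success, -1 if malformed or if a field exceeds its buffer. */
int parse_credentials(const char *entry, char *user, size_t user_size,
                      char *pass, size_t pass_size, char *host, size_t host_size)
{
    const char *at = strrchr(entry, '@'); /* last '@' ends the credentials */
    if (!at)
        return -1;
    const char *colon = memchr(entry, ':', (size_t)(at - entry));
    if (!colon)
        return -1;
    if (bounded_copy(user, user_size, entry, (size_t)(colon - entry)) < 0 ||
        bounded_copy(pass, pass_size, colon + 1, (size_t)(at - colon - 1)) < 0 ||
        bounded_copy(host, host_size, at + 1, strlen(at + 1)) < 0)
        return -1;
    return 0;
}

/* Parse into stack buffers, the situation CWE-121 is about. */
int check_entry(const char *entry)
{
    char user[CRED_MAX], pass[CRED_MAX], host[CRED_MAX];
    return parse_credentials(entry, user, sizeof user, pass, sizeof pass,
                             host, sizeof host);
}

int main(void)
{
    char longuser[400]; /* constructed sample: 300-byte username */
    memset(longuser, 'A', 300);
    strcpy(longuser + 300, ":pw@192.0.2.10");
    printf("normal entry:  %d\n", check_entry("alice:s3cret@192.0.2.10"));
    printf("long username: %d\n", check_entry(longuser));
    return 0;
}
```

The comparison `len >= dst_size` is what reserves room for the terminator: a field of exactly `dst_size` bytes is rejected, which is the off-by-one case a plain `len > dst_size` check would miss.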
Affected Countries
United States, Germany, United Kingdom, France, Canada, Australia, Netherlands, Japan, South Korea, India, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.602Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 694471834eb3efac36abad29
Added to database: 12/18/2025, 9:26:27 PM
Last enriched: 3/24/2026, 12:30:55 AM
Last updated: 3/26/2026, 4:24:40 AM