Description
rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.
References (4)
Core 4
Core References
Exploit, Third Party Advisory technical-description
exploit
https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-008-proxychains-ng-stack-buffer-overflow-proxy_from_string.md
Exploit, Patch issue-tracking
https://github.com/rofl0r/proxychains-ng/issues/606
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/rofl0r-proxychains-ng-stack-based-buffer-overflow
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
11.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-121
CWE-787
Status
published
Products (3)
proxychains-ng_project/proxychains-ng
< 4.17
rofl0r/proxychains-ng
< 4.17
rofl0r/proxychains-ng
cc005b7132811c9149e77b5e33cff359fc95512e
Published
Dec 18, 2025
Tracked Since
Feb 18, 2026