Your message dated Fri, 08 May 2026 07:33:54 +0000
with message-id <[email protected]>
and subject line Bug#1123676: fixed in proxychains-ng 4.17-3.1
has caused the Debian Bug report #1123676,
regarding proxychains-ng: CVE-2025-34451
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1123676: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123676
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: proxychains-ng
Version: 4.17-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/rofl0r/proxychains-ng/issues/606
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for proxychains-ng.
CVE-2025-34451[0]:
| rofl0r/proxychains-ng versions up to and including 4.17 and prior to
| commit cc005b7 contain a stack-based buffer overflow vulnerability
| in the function proxy_from_string() located in src/libproxychains.c.
| When parsing crafted proxy configuration entries containing overly
| long username or password fields, the application may write beyond
| the bounds of fixed-size stack buffers, leading to memory corruption
| or crashes. This vulnerability may allow denial of service and,
| under certain conditions, could be leveraged for further
| exploitation depending on the execution environment and applied
| mitigations.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-34451
https://www.cve.org/CVERecord?id=CVE-2025-34451
[1] https://github.com/rofl0r/proxychains-ng/issues/606
[2]
https://github.com/rofl0r/proxychains-ng/commit/cc005b7132811c9149e77b5e33cff359fc95512e
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: proxychains-ng
Source-Version: 4.17-3.1
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
proxychains-ng, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated proxychains-ng package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 07 May 2026 23:58:04 +0300
Source: proxychains-ng
Architecture: source
Version: 4.17-3.1
Distribution: unstable
Urgency: medium
Maintainer: Thiago Andrade Marques <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1123676
Changes:
proxychains-ng (4.17-3.1) unstable; urgency=medium
.
* Non-maintainer upload.
* CVE-2025-34451: buffer overflow in config file parsing
(Closes: #1123676)
Checksums-Sha1:
faf2ba33870782718d0ba00a19d005f9fdd4a47b 1966 proxychains-ng_4.17-3.1.dsc
03cb17a8d81b3473680f7f3cdda616cc76a02b82 7264
proxychains-ng_4.17-3.1.debian.tar.xz
Checksums-Sha256:
8dc54a9ac7926b1faa9f084ed893e0e6da377b8e6514b275befdd7698fc41211 1966
proxychains-ng_4.17-3.1.dsc
754315bbacd317d9c13aaef3aaf03cc9807ff51f0633b4ca154738a5073d6077 7264
proxychains-ng_4.17-3.1.debian.tar.xz
Files:
9f64bbf616303f71094966a616a304ca 1966 net optional proxychains-ng_4.17-3.1.dsc
4d87bf599ab001db4297e2f25792bae7 7264 net optional
proxychains-ng_4.17-3.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmn8/VcACgkQiNJCh6LY
mLH8fA/8CM6eNBQYe4eGhE3mi0LBmtC6XySRx/PQopyCDVXCcTNg+MdmXRUpdufY
G+VIIKrDhn37JMFUFrkNRYV+TOltMOEi8+7ziOwEnKG5O+IcZmXCY8oQVMQNmVLw
aw6cYfNu0MBNPpI2DuR9rma6CdY/UdkgvYPPXAppTT1Rc3jRElAas2NtaAS6nYnf
F8IcVzmTrro8e7uDkLop913fLiXRBh2rNbmXfs4gKQS7fY9BPLVbBWhStIsEr1Rc
PSiuzjOyrdn5LCJhDztgfAnSzBkbhGuO3rzNee/+trKCgiGr6AHYT7JOpZ/xgaU1
xNAvVZyEUAkIfnm3QZ2zvqG8kRofgPZAo1nF9a+Vg+keIbffizBhW+fmWNOSGYkA
Jiz7qDYDp3xwNKUHllOUf+mG4C/NkZAmcCcY9wALot7VDMrr7FjCjSPEM1Qv0Igs
pSLkADF1TGSGxepsmI8xAiiQblM9WAx35VK6icNMtnEKuIZFPQ4lD1ypoTDUWJrH
nLPuPGWrl5VcSNWAiRnp6/nSAPp9vzafJr10NIgY/L8RD9usZJcDi7PNKhGGFth1
rVsoprbvLC4LiX7wh0XshpA2swxFW/6D7Lg2pxm5VWjU1lwOLlXL6UGDTJgrG87v
DhB+C5ywsihgsiu24mFk+x455iEHMmrw9nHbE0BcAvclyuSISkU=
=MDAv
-----END PGP SIGNATURE-----
pgpfJjMnmGwMA.pgp
Description: PGP signature
--- End Message ---
