InspIRCd Security Advisory 2019-01
The silence module before v3.1.0 contains a use after free vulnerability. This vulnerability can be used to remotely crash a InspIRCd server by any user able to fully connect to a server.
This vulnerability is present in the following releases:
This vulnerability is fixed in version 3.1.0. It is strongly recommended that all users upgrade.
If upgrading is not possible then the silence module should be unloaded.
- 2019-04-18 — A rewritten version of the silence module was committed containing the vulnerability.
- 2019-05-14 — A crash vulnerability was reported to the InspIRCd team.
- 2019-05-15 — The cause of the crash was identified by the InspIRCd team and a fix was prepared.
- 2019-05-17 — InspIRCd v3.1.0 was released with a fix for the crash vulnerability.