Security Advisory 2019-01 - InspIRCd Documentation

InspIRCd Security Advisory 2019-01

Summary

The silence module before v3.1.0 contains a use after free vulnerability. This vulnerability can be used to remotely crash a InspIRCd server by any user able to fully connect to a server.

Affected Versions

This vulnerability is present in the following releases:

v3.0.0
v3.0.1

Recommended Action

This vulnerability is fixed in version 3.1.0. It is strongly recommended that all affected users upgrade.

If upgrading is not possible then the silence module should be unloaded.

History

2019-04-18 — A rewritten version of the silence module was committed containing the vulnerability.
2019-05-14 — A crash vulnerability was reported to the InspIRCd team.
2019-05-15 — The cause of the crash was identified by the InspIRCd team and a fix was prepared.
2019-05-17 — InspIRCd v3.1.0 was released with a fix for the crash vulnerability.

References

InspIRCd commit bcd65de.
InspIRCd commit 7b47de3.
CVE-2019-20918

Keys	Action
`?`	Open this help
`n`	Next page
`p`	Previous page
`s`	Search