InspIRCd Security Advisory 2019-01

Summary

The silence module before v3.1.0 contains a use after free vulnerability. This vulnerability can be used to remotely crash a InspIRCd server by any user able to fully connect to a server.

Affected Versions

This vulnerability is present in the following releases:

This vulnerability is fixed in version 3.1.0. It is strongly recommended that all users upgrade.

If upgrading is not possible then the silence module should be unloaded.

History

References