InspIRCd Security Advisory 2019-02

Summary

The mysql module before v3.3.0 contains a null pointer dereference when built against mariadb-connector-c v3.0.5 or newer. When combined with the sqlauth or sqloper modules this vulnerability can be used to remotely crash an InspIRCd server by any user able to connect to a server.

Affected Versions

This vulnerability is present in the following releases:

This vulnerability is fixed in versions 2.0.28 and 3.3.0. It is strongly recommended that all users upgrade.

If upgrading is not possible then the mysql module should be unloaded.

History

References