InspIRCd Security Advisory 2019-02


The mysql module before v3.3.0 contains a null pointer dereference when built against mariadb-connector-c v3.0.5 or newer. When combined with the sqlauth or sqloper modules this vulnerability can be used to remotely crash an InspIRCd server by any user able to connect to a server.

Affected Versions

This vulnerability is present in the following releases:

This vulnerability is fixed in versions 2.0.28 and 3.3.0. It is strongly recommended that all affected users upgrade.

If upgrading is not possible then the mysql module should be unloaded.