InspIRCd Security Advisory 2020-01


The pgsql module before v2.0.29 and v3.6.0 contains a use after free vulnerability. When combined with the sqlauth or sqloper modules this vulnerability can be used to remotely crash an InspIRCd server by any user able to connect to a server.

Affected Versions

This vulnerability is present in the following releases:

This vulnerability is fixed in versions 2.0.29 and 3.6.0. It is strongly recommended that all affected users upgrade.

If upgrading is not possible then the pgsql module should be unloaded.