InspIRCd Security Advisory 2024-01

Summary

The spanningtree module before v4.0.1 contains a null pointer dereference. When the chanhistory module is also loaded this vulnerability can be used to remotely crash a InspIRCd server by any user able to connect to a server and set channel modes.

Thanks to @RobCubed for reporting this issue.

Affected Versions

This vulnerability is present in the following releases:

• v4.0.0a26
• v4.0.0rc1
• v4.0.0rc2
• v4.0.0rc3
• v4.0.0

Recommended Action

This vulnerability is fixed in version 4.0.1. It is strongly recommended that all affected users upgrade.

If upgrading is not possible then the spanningtree module should be unloaded. If this is also not possible then the chanhistory module should be unloaded.

History

• 2024-03-08 — The vulnerability was introduced.
• 2024-07-02 — A crash vulnerability was reported to the InspIRCd team.
• 2024-07-02 — The cause of the crash was identified by the InspIRCd team and a fix was prepared.
• 2024-07-03 — InspIRCd v4.0.1 was released with a fix for the crash vulnerability.

References

• InspIRCd commit ef572e3.
• InspIRCd commit b1f5817.