ngircd: Server-Server protocol implementation leads to out-of-bounds access (CVE-2020-14148)
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-14148
- https://security-tracker.debian.org/tracker/CVE-2020-14148
Patch:
https://github.com/ngircd/ngircd/commit/02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5
Affected branches:
-
master -
3.12-stable -
3.11-stable -
3.10-stable -
3.9-stable
Edited by Leo