CVE-2014-9403

Name of the Vulnerable Software and Affected Versions ZNC versions prior to 1.4

Description The issue allows remote authenticated users to cause a denial of service, resulting in a crash due to a NULL pointer dereference. This occurs when a user adds a channel with the same name as an existing channel but without the leading # character. The problem is related to a use-after-free error, which happens when memory is accessed after it has been freed.

Recommendations For versions prior to 1.4, update to version 1.4 or later to resolve the issue. As a temporary workaround, consider restricting the ability for remote authenticated users to add channels with names similar to existing ones, to minimize the risk of exploitation.