Coki

**Name of the Vulnerable Software and Affected Versions** ngIRCd versions 0.8.2 and earlier **Description** The issue is related to a format string vulnerability in the Log Resolver function. This vulnerability can be exploited by remote attackers to execute arbitrary code when certain conditions are met, such as compilation with IDENT, logging to SYSLOG, and DEBUG enabled. **Recommendations** For ngIRCd versions 0.8.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** socat versions 1.4.0.3 and earlier **Description** The issue is related to a format string vulnerability in the msg function in error.c. This vulnerability can be exploited when socat is used as an HTTP proxy client and run with the -ly option, allowing remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message. **Recommendations** For socat versions 1.4.0.3 and earlier, consider updating to a version that contains a fix for this issue, as using an outdated version poses a significant risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Citadel/UX versions 6.23 and earlier **Description** A buffer overflow issue allows remote attackers to cause a denial of service via a long `username`. **Recommendations** For versions 6.23 and earlier, update to a version later than 6.23 to resolve the issue.