Darthgandalf

**Name of the Vulnerable Software and Affected Versions** ZNC versions 1.8.0 through 1.8.1-rc1 **Description** The issue allows authenticated users to trigger an application crash with a NULL pointer dereference if `echo-message` is not enabled and there is no network. This can be exploited by attackers to cause a denial of service. **Recommendations** For ZNC versions 1.8.0 through 1.8.1-rc1, consider enabling `echo-message` to prevent the application crash. As a temporary workaround, ensure that there is always a network connection available to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZNC versions prior to 1.7.3-rc1 **Description** The issue allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. It is due to insufficient input validation in the mechanism for disconnecting clients from the IRC server or a selected channel. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions prior to 1.7.3-rc1, update to version 1.7.3-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ZNC service to minimize the risk of exploitation.