Hilko Bengen

**Name of the Vulnerable Software and Affected Versions** ngIRCd versions prior to 26~rc2 **Description** The Server-Server protocol implementation in ngIRCd allows an out-of-bounds access, as demonstrated by the `IRC NJOIN()` function. **Recommendations** For versions prior to 26~rc2, update to version 26~rc2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `IRC NJOIN()` function until a patch is available.