Sadiecat

**Name of the Vulnerable Software and Affected Versions** InspIRCd versions 3.8.0 through 3.9.x **Description** The issue is related to a problem where any user able to connect to the server can access recently deallocated memory, also known as the "malformed PONG" issue. This is due to incorrect permission assignment for a critical resource, which can allow a remote attacker to gain access to confidential data. **Recommendations** For InspIRCd versions 3.8.0 through 3.9.x, update to version 3.10.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** InspIRCd versions prior to 3.1.0 **Description** A use after free issue was found in the silence module, allowing any user who can fully connect to a server to remotely crash an InspIRCd server. **Recommendations** For versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** InspIRCd versions prior to 2.0.29 InspIRCd versions prior to 3.6.0 **Description** An issue was discovered in the pgsql module of InspIRCd, which contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this issue can be used for remote crashing of an InspIRCd server by any user able to connect to the server. The vulnerability is related to the use of memory after it has been freed, which can allow a remote attacker to cause a denial of service. **Recommendations** For versions prior to 2.0.29, update to version 2.0.29 or later. For versions prior to 3.6.0, update to version 3.6.0 or later. As a temporary workaround, consider disabling the pgsql module, as well as the sqlauth or sqloper modules, until a patch is available.

**Name of the Vulnerable Software and Affected Versions** InspIRCd versions prior to 2.0.28 InspIRCd versions prior to 3.3.0 **Description** The issue is related to a NULL pointer dereference in the mysql module of InspIRCd when built against mariadb-connector-c 3.0.5 or newer. This can be exploited for remote crashing of an InspIRCd server by any user able to connect to it, particularly when combined with the sqlauth or sqloper modules. The vulnerability is associated with pointer dereference errors, which can allow a remote attacker to cause a denial of service. **Recommendations** For InspIRCd versions prior to 2.0.28, update to version 2.0.28 or later. For InspIRCd versions prior to 3.3.0, update to version 3.3.0 or later.