Eggdrop · Eggdrop · CVE-2009-1789
Name of the Vulnerable Software and Affected Versions:
Eggdrop versions 1.6.19 and earlier
Windrop versions 1.6.19 and earlier
Description:
The issue allows remote attackers to cause a denial of service (a crash) by sending a crafted PRIVMSG in which an empty string triggers a string copy with a negative length. This problem exists because of an incorrect fix for a previous issue.
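The bug class described above, as an added illustration (this is not Eggdrop's source code): a copy length computed as "string length minus one" wraps to a huge unsigned value when the string is empty. The function names, the one-byte trailing delimiter and the sample strings are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: the length a naive "drop the trailing delimiter"
 * copy would pass to memcpy/strncpy. For "" this is 0 - 1, which wraps
 * to SIZE_MAX because size_t is unsigned. */
size_t naive_copy_len(const char *field)
{
    return strlen(field) - 1;   /* BUG: underflows when field is empty */
}

/* Hypothetical hardened form: reject the empty field before subtracting,
 * clamp to the destination size, and always NUL-terminate.
 * Returns the number of bytes copied, or -1 if nothing can be copied. */
int copy_field_checked(char *dst, size_t dstsz, const char *field)
{
    size_t len = strlen(field);

    if (dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (len == 0)
        return -1;              /* empty input: length would go negative */
    len -= 1;                   /* drop the trailing delimiter byte */
    if (len >= dstsz)
        len = dstsz - 1;        /* truncate rather than overflow dst */
    memcpy(dst, field, len);
    dst[len] = '\0';
    return (int)len;
}

int main(void)
{
    char buf[8];
    /* Constructed inputs: a normal field, then the empty field. */
    printf("naive len for \"PING\\001\": %zu\n", naive_copy_len("PING\001"));
    printf("naive len for \"\":         %zu\n", naive_copy_len(""));
    printf("checked copy of \"\":       %d\n",
           copy_field_checked(buf, sizeof buf, ""));
    return 0;
}
```

The naive length is only computed here, never used in a copy, so the program runs to completion while still showing the wrapped value.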
Recommendations:
For Eggdrop versions 1.6.19 and earlier, consider updating to a version that correctly addresses the issue.
For Windrop versions 1.6.19 and earlier, consider updating to a version that correctly addresses the issue.
As a temporary workaround, consider restricting access to the `servmsg.c` module in `mod/server.mod` to minimize the risk of exploitation.