CVE-2020-13775

Name of the Vulnerable Software and Affected Versions ZNC versions 1.8.0 through 1.8.1-rc1

Description The issue allows authenticated users to trigger an application crash with a NULL pointer dereference if echo-message is not enabled and there is no network. This can be exploited by attackers to cause a denial of service.

Recommendations For ZNC versions 1.8.0 through 1.8.1-rc1, consider enabling echo-message to prevent the application crash. As a temporary workaround, ensure that there is always a network connection available to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.