The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
| package | channel | channel version | pkg version | status |
| ngircd | ||||
| nixos-unstable | ||||
| 2020-09-26 18:00:31 UTC (daaa0e) | 26 | vulnerable | ||
| 2020-09-22 06:20:19 UTC (117984) | 26 | vulnerable | ||
| 2020-09-20 14:15:15 UTC (2a35f6) | 26 | vulnerable | ||
| 2020-09-17 11:50:39 UTC (441a7d) | 26 | vulnerable | ||
| 2020-09-13 20:25:41 UTC (e0759a) | 26 | vulnerable | ||
| 2020-09-09 05:00:30 UTC (615251) | 26 | vulnerable | ||
| 2020-09-07 23:05:17 UTC (a31736) | 26 | vulnerable | ||
| 2020-08-21 13:45:23 UTC (c59ea8) | 26 | vulnerable | ||
| 2020-08-20 14:30:38 UTC (bd0e64) | 26 | vulnerable | ||
| 2020-08-18 11:40:31 UTC (1e3f09) | 26 | vulnerable | ||
| 2020-08-16 22:30:30 UTC (16fc53) | 26 | vulnerable | ||
| 2020-08-11 20:35:42 UTC (32b46d) | 26 | vulnerable | ||
| 2020-08-09 23:40:38 UTC (96069f) | 26 | vulnerable | ||
| 2020-08-08 21:40:41 UTC (b50ef9) | 26 | vulnerable | ||
| 2020-08-06 07:10:34 UTC (8e2b14) | 26 | vulnerable | ||
| 2020-08-01 20:25:27 UTC (840c78) | 26 | vulnerable | ||
| 2020-07-30 16:20:14 UTC (a45f68) | 26 | vulnerable | ||
| 2020-07-27 02:15:25 UTC (28fce0) | 26 | vulnerable |