UnrealIRCd 5 and UnrealIRCd 6 can be crashed by a regular user when a certain command is sent. This results in all users being disconnected from the server. There is no other risk than crashing (no buffer overflow or anything, no risk of remote code execution).

If you have any deny dcc { } blocks in the config file or spamfilters on the 'd' (dcc) target then the server can be crashed. This is true for many servers as there is a deny dcc { } block in the example configuration file (example.conf).

All U5 and U6 versions before January 28, 2022 are affected, so:
UnrealIRCd 5.0.0 - 5.2.3
UnrealIRCd 6.0.0 - 6.0.2-rc1

We recommend admins to apply the hot-patch (see next) ASAP which will fix the issue with zero downtime.

References:
https://forums.unrealircd.org/viewtopic.php?t=9168
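As an added example (not part of the original report and not UnrealIRCd code), this Python sketch checks configuration text for the two preconditions named above: a `deny dcc { }` block, or a `spamfilter` block whose target list includes `dcc`. It assumes well-formed block syntax, uses a constructed and abbreviated sample, does not follow `include` directives and cannot see spamfilters added at runtime, so an empty result is not a substitute for the patch.

```python
import re

# Constructed, abbreviated sample configuration (not taken from a real server).
SAMPLE_CONF = '''
/* deny dcc { filename "*.old"; reason "disabled"; } */
deny dcc { filename "*.exe"; reason "Executable content"; }
spamfilter { match "dcc send me"; target channel; action block; }  # no hit
spamfilter { match "free hosting"; target { private; dcc; }; action block; }
'''
STRING = r'"(?:\\.|[^"\\])*"'
COMMENT = re.compile(STRING + r'|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
TOKEN = re.compile(STRING + r'|[{};]|[^\s{};"]+')

def top_level_blocks(text):
    """Yield (header_words, body_tokens) for every top-level block."""
    # Drop comments, but keep quoted strings that happen to contain # or //.
    text = COMMENT.sub(lambda m: m[0] if m[0][0] == '"' else ' ', text)
    header, body, depth = [], [], 0
    for tok in TOKEN.findall(text):
        depth += (tok == '{') - (tok == '}')
        if tok == '}' and depth == 0:
            yield header, body
            header, body = [], []
        elif depth == 0:
            header = [] if tok == ';' else header + [tok]
        elif not (tok == '{' and depth == 1):
            body.append(tok)

def spamfilter_targets(body):
    """Return the target names listed in one spamfilter block body."""
    if 'target' not in body[:-1]:
        return []
    i = body.index('target') + 1
    if body[i] == '{':
        return [t for t in body[i + 1:body.index('}', i)] if t != ';']
    return [body[i]]

def find_dcc_triggers(text):
    """List the blocks the advisory names as the crash precondition."""
    hits = []
    for header, body in top_level_blocks(text):
        if header == ['deny', 'dcc']:
            hits.append('deny dcc')
        elif header == ['spamfilter'] and 'dcc' in spamfilter_targets(body):
            hits.append('spamfilter target dcc')
    return hits

if __name__ == '__main__':
    print(find_dcc_triggers(SAMPLE_CONF))
```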
Created unrealircd tracking bugs for this issue:

Affects: epel-all [bug 2048671]
Affects: fedora-all [bug 2048670]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.