A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 before 6.1.4 allows an unauthenticated remote attacker to crash the server by sending an oversized packet (if a websocket port is open). Remote code execution might be possible on some uncommon, older platforms. https://forums.unrealircd.org/viewtopic.php?t=9340 https://www.unrealircd.org/index/news
Created unrealircd tracking bugs for this issue: Affects: epel-all [bug 2254876] Affects: fedora-all [bug 2254875]