Aggregates CVE and security vulnerability intelligence across all ircd-hybrid-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk input validation and vendor risk denial of service, with potential vendor impact unexpected behavior across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2013-0238 | The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes a negative number to be parsed. | [email protected] | 5.0 | 39.23% | 2013-02-13 | 2026-04-29 |
| CVE-2009-4016 | Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command. | [email protected] | 6.8 | 4.01% | 2010-02-04 | 2026-04-29 |
| CVE-2004-0605 | Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ircd-ratbox 1.5.1 and earlier, or (3) ircd-ratbox 2.0rc6 and earlier do not have a rate-limit imposed, which could allow remote attackers to cause a denial of service by repeatedly making requests, which are slowly dequeued. | [email protected] | 5.0 | 5.17% | 2004-12-06 | 2026-04-16 |