Aggregates CVE and security vulnerability intelligence across all ngircd-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk input validation and vendor risk denial of service, with potential vendor impact unexpected behavior across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2013-1747 | channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a KICK command for a user who is not on the associated channel. | [email protected] | 5.0 | 1.38% | 2013-03-28 | 2026-04-29 |
| CVE-2009-4652 | The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error. | [email protected] | 2.6 | 1.11% | 2010-02-26 | 2026-04-29 |
| CVE-2008-0285 | ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference. | [email protected] | 5.0 | 1.19% | 2008-01-16 | 2026-04-23 |
| CVE-2007-6062 | irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument. | [email protected] | 5.0 | 1.19% | 2007-11-20 | 2026-04-23 |
| CVE-2005-0226 | Format string vulnerability in the Log_Resolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code. | [email protected] | 7.5 | 10.01% | 2005-02-03 | 2026-04-16 |