These are some results of my recent efforts of fuzzing IRC-related software.
From the Weechat security page:
Date/time conversion specifiers are expanded after replacing buffer local variables in name of log files. In some cases, this can lead to an error in function strftime and a crash caused by the use of an uninitialized buffer. Workaround: Unload the logger plugin: /plugin unload logger
From the UnrealIRCd forum post:
There’s a handshake bug can be triggered before the user is fully connected. This allows a user to crash an UnrealIRCd server, even those with restrictions such as password protected hubs. This one has a CVSSv3 score of 7.5 (High): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
At the time of this post, a CVE ID has not been assigned.