A vulnerability has been discovered in Elemental-IRCd/ShadowIRCd all the way back to version 6.3. If a client does a SASL authentication before the server is ready for it, a race condition will be met and the ircd will segfault to an address out of bounds error. Demonstration exploit included.
4501916be0db906cac09b9b45bff1dbbfb26c9183a28a1ff168f52adf5ceb358