Johannes Kuhn discovered that messages and channel names are not
properly escaped in the modtcl module in ZNC, a IRC bouncer, which could
result in remote code execution via specially crafted messages.

https://security-tracker.debian.org/tracker/DSA-5725-1

Read More