Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions.
http://www.securityfocus.com/bid/7098
http://www.debian.org/security/2003/dsa-298
http://www.debian.org/security/2003/dsa-291