xchat 2.0.6 allows remote malicious users to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.
xchat xchat 2.0.6