CVE-2002-1158
Description
Buffer overflow in Canna 3.5b2 and earlier allows local attackers to execute arbitrary code as the bin user via the irw_through function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in Canna 3.5b2 and earlier allows local attackers to execute arbitrary code as the bin user via the irw_through function.
Vulnerability
Buffer overflow in the irw_through function of Canna version 3.5b2 and earlier allows local users to execute arbitrary code as the bin user. [1][2][3][4]
Exploitation
A local attacker can trigger the overflow by providing crafted input to the irw_through function. No special privileges are required beyond local access. The overflow leads to code execution in the context of the bin user.
Impact
Successful exploitation grants the attacker arbitrary code execution as the bin user, potentially leading to privilege escalation or system compromise.
Mitigation
Red Hat and Debian released updated packages. Red Hat advisories RHSA-2002:246, RHSA-2002:261, and RHSA-2003:115 address the issue. Debian advisory DSA-224 also provides a fix. Users should upgrade to the patched version.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.redhat.com/support/errata/RHSA-2002-246.htmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/6351nvdPatchVendor Advisory
- canna.sourceforge.jp/sec/Canna-2002-01.txtnvd
- marc.infonvd
- www.debian.org/security/2003/dsa-224nvd
- www.redhat.com/support/errata/RHSA-2002-261.htmlnvd
- www.redhat.com/support/errata/RHSA-2003-115.htmlnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/10831nvd
News mentions
0No linked articles in our index yet.