CVE-2002-1566
Description
netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability mechanics
Root cause
"A buffer overflow vulnerability exists in the handling of network input."
Attack vector
An unauthenticated remote attacker can send a long string to port 9284 when the netris application is running with the -w option. This long string overflows a buffer, causing the application to crash. The exploit code demonstrates sending a crafted buffer containing filler, NOPs, shellcode, and a return address to trigger this overflow [ref_id=1].
Affected code
The vulnerability is located in the `MyEventType()` function, which handles network input. The overflow occurs when data is written past the `netBuf[64]` buffer and into `netBufSize[4]` [ref_id=1]. The exploit code targets netris versions prior to 0.52.
What the fix does
The advisory states that version 0.52 fixes this bug. The patch itself is not provided, so the exact code changes are not detailed. However, the reference write-up indicates that the vulnerability is in the `MyEventType()` function and involves overflowing `netBuf[64]` [ref_id=1]. The fix likely involves proper bounds checking on the input to `netBuf`.
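The kind of bounds check described above, as an added example: this is not netris code and not the 0.52 patch, which the page does not show. The 4-byte header layout and the names `struct rx`, `rx_init` and `rx_feed` are hypothetical; only the 64-byte buffer size comes from the write-up.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NETBUF_CAP 64  /* same size as the netBuf[64] named in the write-up */
#define HDR_LEN 4      /* assumed header: 2-byte type, 2-byte big-endian total length */

struct rx {
    unsigned char buf[NETBUF_CAP];
    size_t have;       /* bytes stored so far */
    size_t goal;       /* bytes needed before the next decision */
    int hdr_done;      /* set once the declared length has been validated */
};

void rx_init(struct rx *r) { r->have = 0; r->goal = HDR_LEN; r->hdr_done = 0; }

/* Feed n received bytes. Returns 1 when a whole frame is in r->buf, 0 when
 * more data is needed, -1 when the declared length is invalid (the caller
 * should drop the connection). *used is set to the bytes consumed from in. */
int rx_feed(struct rx *r, const unsigned char *in, size_t n, size_t *used)
{
    *used = 0;
    while (*used < n) {
        size_t want = r->goal - r->have;            /* never exceeds free space */
        size_t take = (n - *used < want) ? n - *used : want;
        memcpy(r->buf + r->have, in + *used, take);
        r->have += take;
        *used += take;
        if (r->have < r->goal) return 0;
        if (!r->hdr_done) {
            size_t len = ((size_t)r->buf[2] << 8) | r->buf[3];
            if (len < HDR_LEN || len > NETBUF_CAP) return -1;  /* reject before copying */
            r->hdr_done = 1;
            r->goal = len;
            if (r->have < r->goal) continue;
        }
        return 1;
    }
    return r->hdr_done && r->have == r->goal;
}

int main(void) {
    unsigned char big[HDR_LEN + 1024];  /* constructed input: declares 1024 bytes */
    struct rx r; size_t used;
    memset(big, 'A', sizeof big); big[0] = 0; big[1] = 1; big[2] = 0x04; big[3] = 0x00;
    rx_init(&r);
    int rc = rx_feed(&r, big, sizeof big, &used);
    printf("rc=%d after consuming %zu bytes\n", rc, used);
    return 0;
}
```

Because `goal` is checked against `NETBUF_CAP` before it is ever used as a copy limit, no amount of peer-supplied data can advance `have` past the end of the buffer.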
Preconditions
- config: The netris application must be running with the -w (wait) option.
- network: The attacker must be able to send network traffic to port 9284.
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.securityfocus.com/bid/5680 (nvd; Exploit, Patch, Vendor Advisory)
- marc.info (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/10081 (nvd)