CVE Catalog

CVE-2026-48689

Critical
Published: Translated: NVD NIST

Summary

FastNetMon Community Edition up to version 1.2.9 contains a heap-based buffer overflow in the dynamic_binary_buffer_t class, allowing writing one byte past the end of the buffer. This flaw occurs in five methods that incorrectly check buffer bounds.

Risk Assessment

An attacker who can send network traffic to a FastNetMon instance may trigger this overflow, potentially leading to arbitrary code execution by corrupting heap metadata. This poses a significant security risk to the system.

Recommendation

It is recommended to update FastNetMon to the latest version to mitigate this vulnerability. Additionally, network traffic should be monitored and appropriate security measures implemented to minimize the risk of attacks.

Original NVD description (English source)

FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr, memcpy_from_object_ptr) use an incorrect bounds check of the form 'if (offset + length > maximum_internal_storage_size + 1)' instead of the correct 'if (offset + length > maximum_internal_storage_size)'. This allows writing exactly one byte past the end of the heap-allocated buffer. The class is used pervasively in BGP message encoding/decoding, NetFlow template processing, and Flow Spec NLRI construction. An attacker who can send network traffic (NetFlow, sFlow, IPFIX, or BGP) to a FastNetMon instance can trigger this overflow, potentially achieving arbitrary code execution by corrupting heap metadata. Notably, the append_byte() method uses the correct bounds check, confirming the inconsistency.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS