CVE 9.8 CRITICAL

CVE-2026-48689_CVE-2026-48689

May 26, 2026 invoker category_cve
9.8 / 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr, memcpy_from_object_ptr) use an incorrect bounds check of the form 'if (offset + length > maximum_internal_storage_size + 1)' instead of the correct 'if (offset + length > maximum_internal_storage_size)'. This allows writing exactly one byte past the end of the heap-allocated buffer. The class is used pervasively in BGP message encoding/decoding, NetFlow template processing, and Flow Spec NLRI construction. An attacker who can send network traffic (NetFlow, sFlow, IPFIX, or BGP) to a FastNetMon instance can trigger this overflow, potentially achieving arbitrary code execution by corrupting heap metadata. Notably, the append_byte() method uses the correct bounds check, confirming the inconsistency.

AI Analysis

Off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class, allowing arbitrary code execution by corrupting heap metadata

Basic Information

ID CVE-2026-48689
Source mitre
Published May 26, 2026 at 00:00
Modified May 27, 2026 at 00:20

Affected Product

Vendor FastNetMon
Product FastNetMon Community Edition
Version 1.2.9
Affected Versions n/a n/a n/a

CWE Classification

CWE-193 CWE-122

AI Assessment

AI Score 9.8 / 10
AI Severity Critical
Vendor FastNetMon
Product FastNetMon Community Edition
Version 1.2.9

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.