CVE Catalog

CVE-2026-48691

Critical
Published: Translated: NVD NIST

Summary

FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. The get_attributes() function computes attribute_length, leading to silent truncation when the AS_PATH contains more than 63 ASNs, resulting in a heap buffer overflow.

Risk Assessment

Buffer overflow can lead to unauthorized memory access, posing a serious threat to the integrity and availability of the system.

Recommendation

It is recommended to upgrade to the latest version of FastNetMon to mitigate this vulnerability and to monitor the system for unauthorized activities.

Original NVD description (English source)

FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attribute_length as 'sizeof(bgp_as_path_segment_element_t) + this->as_path_asns.size() * sizeof(uint32_t)' and stores it in a uint8_t field (line 600-605). Since uint8_t can only hold values 0-255, an AS_PATH containing more than 63 ASNs (2 + 64*4 = 258 > 255) causes silent truncation. The truncated length is used for buffer sizing, while the actual data written is the full untruncated amount, resulting in a heap buffer overflow. Similarly, the path_segment_length field at line 621 is also uint8_t, truncating with more than 255 ASNs.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS