Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-48686: FastNetMon Community Edition BGP Decoder Stack Overflow

CVE-2026-48686

Summary

FastNetMon Community Edition, a network monitoring tool, contains a bug in its BGP (Border Gateway Protocol) decoder. This bug can allow an attacker to execute malicious code on a vulnerable system. To fix this, update to version 1.2.10 or later. If you can't update right now, consider disabling BGP protocol processing until you can update.

Original title

Original description

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_subnet_encoding_ipv4_raw() in src/bgp_protocol.cpp reads prefix_bit_length directly from the BGP packet (line 99) without validating it is <= 32 for IPv4 prefixes. This value is passed to how_much_bytes_we_need_for_storing_certain_subnet_mask() which computes ceil(prefix_bit_length / 8), returning up to 32 bytes for a prefix_bit_length of 255. The result is used as the length argument to memcpy() (line 106), which copies into a 4-byte uint32_t stack variable (prefix_ipv4). This causes a stack buffer overflow of up to 28 bytes, which can be exploited for arbitrary code execution. Additionally, the unvalidated prefix_bit_length is passed to convert_cidr_to_binary_netmask_local_function_copy() (line 111), where a shift of (32 - cidr) with cidr > 32 causes undefined behavior.

Vulnerability type

CWE-120 Classic Buffer Overflow

CWE-787 Out-of-bounds Write

Published: 26 May 2026 · Updated: 28 May 2026 · First seen: 26 May 2026