9.8

CVE-2026-48689: FastNetMon Community Edition: Off-by-One Buffer Overflow in Dynamic Binary Buffer

CVE-2026-48689
Summary

A security issue affects the dynamic binary buffer handling in FastNetMon Community Edition versions up to 1.2.9. An attacker can potentially execute arbitrary code by sending malicious network traffic to a FastNetMon instance. To fix this, update to the latest version of FastNetMon Community Edition.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions
pavel-odintsov | fastnetmon | <= 1.2.9
cpe:2.3:a:pavel-odintsov:fastnetmon:*:*:*:*:community:*:*:*
Original title
FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffe...
Original description
FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr, memcpy_from_object_ptr) use an incorrect bounds check of the form 'if (offset + length > maximum_internal_storage_size + 1)' instead of the correct 'if (offset + length > maximum_internal_storage_size)'. This allows writing exactly one byte past the end of the heap-allocated buffer. The class is used pervasively in BGP message encoding/decoding, NetFlow template processing, and Flow Spec NLRI construction. An attacker who can send network traffic (NetFlow, sFlow, IPFIX, or BGP) to a FastNetMon instance can trigger this overflow, potentially achieving arbitrary code execution by corrupting heap metadata. Notably, the append_byte() method uses the correct bounds check, confirming the inconsistency.
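
The difference between the two bounds checks quoted above, shown as an added example that is not FastNetMon's code. The names demo_buffer_t, GUARD and one_byte_past_end are hypothetical, and the extra guard byte is an assumption made so the stray write lands inside the allocation and can be observed safely.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

constexpr uint8_t GUARD = 0xA5;  // marker placed directly after the usable capacity

// Hypothetical stand-in for a fixed-capacity binary buffer; not FastNetMon's class.
// The backing store carries one extra guard byte so the off-by-one write can be
// observed without writing outside the allocation.
class demo_buffer_t {
public:
    demo_buffer_t(size_t capacity, bool flawed)
        : storage_(capacity + 1, 0), capacity_(capacity), flawed_(flawed) {
        storage_[capacity_] = GUARD;
    }

    bool append(const uint8_t* src, size_t length) {
        if (flawed_) {
            // Check quoted in the advisory: offset + length == capacity + 1 passes.
            if (offset_ + length > capacity_ + 1) return false;
        } else {
            // Corrected bound, written so the addition cannot wrap around.
            if (length > capacity_ - offset_) return false;
        }
        std::memcpy(storage_.data() + offset_, src, length);
        offset_ += length;
        return true;
    }

    bool guard_intact() const { return storage_[capacity_] == GUARD; }

private:
    std::vector<uint8_t> storage_;
    size_t capacity_;
    bool flawed_;
    size_t offset_ = 0;
};

// Fill the buffer exactly, then try one more byte; true if the guard was overwritten.
bool one_byte_past_end(bool flawed) {
    const uint8_t data[8] = {1, 2, 3, 4, 5, 6, 7, 8};  // constructed sample input
    demo_buffer_t buf(sizeof(data), flawed);
    buf.append(data, sizeof(data));
    buf.append(data, 1);
    return !buf.guard_intact();
}

int main() { return one_byte_past_end(true) && !one_byte_past_end(false) ? 0 : 1; }
```

A unit test of this shape, run against each of the five listed methods at offset + length == capacity + 1, is a quick way to confirm whether a given build still carries the flawed check.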
Vulnerability type
CWE-787 Out-of-bounds Write
CWE-122 Heap-based Buffer Overflow
CWE-193 Off-by-one Error
Published: 26 May 2026 · Updated: 28 May 2026 · First seen: 26 May 2026