CVE-2026-48689
9.8 CRITICALFastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dy...
Published: 2026-05-26 · Last updated: 2026-05-27
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-122, CWE-193, CWE-787
Affected products
| Vendor | Product |
|---|---|
| pavel-odintsov | fastnetmon |
Description
FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr, memcpy_from_object_ptr) use an incorrect bounds check of the form 'if (offset + length > maximum_internal_storage_size + 1)' instead of the correct 'if (offset + length > maximum_internal_storage_size)'. This allows writing exactly one byte past the end of the heap-allocated buffer. The class is used pervasively in BGP message encoding/decoding, NetFlow template processing, and Flow Spec NLRI construction. An attacker who can send network traffic (NetFlow, sFlow, IPFIX, or BGP) to a FastNetMon instance can trigger this overflow, potentially achieving arbitrary code execution by corrupting heap metadata. Notably, the append_byte() method uses the correct bounds check, confirming the inconsistency.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-48689
- [Other]https://github.com/pavel-odintsov/fastnetmon
- [Other]https://github.com/pavel-odintsov/fastnetmon/blob/master/src/dynamic_binary_buffer.hpp
- [Exploit reference]https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48689-dynamic-buffer-off-by-one
Related CVEs
Same vendor
- CVE-2026-48696 — FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689 (6.2 MEDIUM)
- CVE-2026-48695 — FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin (8.1 HIGH)
- CVE-2026-48694 — FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin (8.1 HIGH)
- CVE-2026-48697 — FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections (7.4 HIGH)
- CVE-2026-48693 — FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp (5.5 MEDIUM)
Same CWE
- CVE-2026-53465 — ImageMagick is free and open-source software used for editing and manipulating digital images (6.2 MEDIUM)
- CVE-2026-53461 — ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)
- CVE-2026-48994 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.9 MEDIUM)
- CVE-2026-48724 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-46692 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.1 MEDIUM)