VIR Vulnerability Intelligence Relay

CVE-2026-48684

medium
Published 2026-05-26 · Modified 2026-05-27
CVSS v3
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CVSS v2
VIR risk
6.5

Description

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In process_netflow_v9_options_template() (src/netflow_plugin/netflow_v9_collector.cpp), the scope parsing loop (lines 224-229) iterates until scopes_offset reaches the attacker-controlled option_scope_length value, reading netflow9_template_flowset_record_t structures at each step. No bounds check validates that (zone_address + scopes_offset + sizeof(record)) stays within the flowset. The same issue affects the options field loop (lines 241-257) with option_length. Furthermore, option_scope_length is not validated to be a multiple of sizeof(netflow9_template_flowset_record_t), potentially causing misaligned reads. An attacker can trigger reads past the end of the UDP packet buffer.

Predictions

Exploit likelihood
75%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2026-48684

OS impact
OSVersionStatusFixed in
debian debianbookwormaffected
debian debianforkyaffected
debian debiansidaffected
debian debiantrixieaffected

Application impact
VendorProductVersionsFixed
pavel-odintsovfastnetmon{"endIncluding":"1.2.9"}

References

CWEs

CWE-125

Verify integrity in audit chain (admin only). AS-IS.