CVE-2026-48684

MEDIUM

FastNetMon Community Edition <= 1.2.9 - Out-of-Bounds Read in NetFlow v9 Options Template Parser

Title source: llm

Description

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In process_netflow_v9_options_template() (src/netflow_plugin/netflow_v9_collector.cpp), the scope parsing loop (lines 224-229) iterates until scopes_offset reaches the attacker-controlled option_scope_length value, reading netflow9_template_flowset_record_t structures at each step. No bounds check validates that (zone_address + scopes_offset + sizeof(record)) stays within the flowset. The same issue affects the options field loop (lines 241-257) with option_length. Furthermore, option_scope_length is not validated to be a multiple of sizeof(netflow9_template_flowset_record_t), potentially causing misaligned reads. An attacker can trigger reads past the end of the UDP packet buffer.

References (3)

Core 3

Core References

https://github.com/pavel-odintsov/fastnetmon

https://github.com/pavel-odintsov/fastnetmon/blob/master/src/netflow_plugin/netflow_v9_collector.cpp

https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48684-netflow-v9-options-oob

Scores

CVSS v3 6.5

EPSS 0.0026

EPSS Percentile 17.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (1)

pavel-odintsov/fastnetmon < 1.2.9

Published May 26, 2026

Tracked Since May 26, 2026