Unknown · Fastnetmon Community Edition · CVE-2026-48690
**Name of the Vulnerable Software and Affected Versions**
FastNetMon Community Edition versions prior to 1.2.10
**Description**
An integer overflow occurs during packet capture buffer allocation in the `allocate_buffer()` function. The software calculates `memory_size_in_bytes` using 32-bit unsigned integer arithmetic. When the `ban_details_records_count` configuration parameter is set to a value exceeding approximately 2,832,542, the multiplication overflows, leading to a memory allocation that is smaller than required. Consequently, calls to the `write_packet()` function write data beyond the allocated buffer, resulting in heap corruption. This issue stems from the use of `atoi()` to parse the configuration parameter without implementing overflow checks.
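The wrap-around described above, next to a checked size calculation, as an added example that is not FastNetMon's code. The per-record size of 1516 bytes, the function names `unchecked_size` and `checked_size`, and the 1 GiB limit are assumptions made for illustration.

```cpp
#include <cerrno>
#include <cstdint>
#include <cstdio>
#include <cstdlib>

// Assumed bytes reserved per captured packet; illustrative, not from the FastNetMon source.
constexpr uint32_t kRecordBytes = 1516;

// Pattern from the description: atoi() result multiplied in 32-bit unsigned arithmetic.
uint32_t unchecked_size(const char* value) {
    uint32_t count = static_cast<uint32_t>(std::atoi(value));  // no error or range reporting
    return count * kRecordBytes;                               // silently wraps modulo 2^32
}

// Hardened variant: strict decimal parse, then a bound check before multiplying.
// max_bytes is a hypothetical policy limit chosen by the operator.
bool checked_size(const char* value, uint64_t max_bytes, uint64_t* out) {
    if (value == nullptr || *value < '0' || *value > '9') return false;  // empty, sign, space
    errno = 0;
    char* end = nullptr;
    unsigned long long count = std::strtoull(value, &end, 10);
    if (errno == ERANGE || *end != '\0') return false;  // overflowed parse or trailing junk
    if (count == 0 || count > max_bytes / kRecordBytes) return false;  // product exceeds limit
    *out = count * kRecordBytes;                         // cannot overflow after the check
    return true;
}

int main() {
    const char* configured = "3000000";  // constructed sample value above the advisory's threshold
    uint64_t needed = 3000000ULL * kRecordBytes;
    std::printf("needed    : %llu bytes\n", (unsigned long long)needed);
    std::printf("allocated : %u bytes (32-bit result)\n", unchecked_size(configured));
    uint64_t size = 0;
    bool ok = checked_size(configured, 1ULL << 30, &size);
    std::printf("checked   : %s\n", ok ? "accepted" : "rejected");
    return 0;
}
```

With the assumed record size, a count of 3,000,000 needs about 4.5 GB but the 32-bit product comes out near 253 MB, which is the undersized allocation the description refers to.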
**Recommendations**
Update to version 1.2.10 or later.
As a temporary mitigation, ensure the `ban_details_records_count` configuration parameter is set to a value significantly below 2,832,542.