PT-2024-9990 · Unknown · Fastnetmon Community Edition

Evgeny Shtanov

Published

2024-12-13

Updated

2024-12-26

CVE-2024-56073

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: FastNetMon Community Edition versions 1.2.7 and earlier

Description: An issue was discovered that allows remote attackers to cause a denial of service. This is due to zero-length templates for Netflow v9, which can lead to a divide-by-zero error and application crash. The vulnerability is related to the lack of checking for division by zero when processing templates.

Recommendations: For FastNetMon Community Edition versions 1.2.7 and earlier, as a temporary workaround, consider disabling the processing of zero-length templates for Netflow v9 until a patch is available. Restrict access to the Netflow v9 functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Divide By Zero

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-369

Related Identifiers

BDU:2025-00110

CVE-2024-56073

DSA-5837-1

Affected Products

Fastnetmon Community Edition

PT-2024-9990 · Unknown · Fastnetmon Community Edition

CVE-2024-56073

Weakness Enumeration

Related Identifiers

Affected Products

References · 17