PT-2026-43273 · Fastnetmon Community Edition

Published: 2026-05-26 · Updated: 2026-06-15 · CVE-2026-48686

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FastNetMon Community Edition versions prior to 1.2.10

Description: A stack-based buffer overflow exists in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_subnet_encoding_ipv4_raw() in src/bgp_protocol.cpp reads the prefix bit length from a BGP packet without validating that it is less than or equal to 32 for IPv4 prefixes. This value is passed to how_much_bytes_we_need_for_storing_certain_subnet_mask(), which can return up to 32 bytes for a prefix bit length of 255. That result is then used as the length argument of memcpy(), which copies data into a 4-byte uint32_t stack variable (prefix_ipv4), leading to a buffer overflow of up to 28 bytes that may allow arbitrary code execution. Furthermore, the unvalidated prefix bit length is passed to convert_cidr_to_binary_netmask_local_function_copy(), where a shift by (32 - cidr) with cidr greater than 32 results in undefined behavior.

Recommendations: Update to version 1.2.10 or later.
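The bounds check the advisory describes as missing, shown as an added example (hypothetical C written for this page, not FastNetMon's own code): an IPv4 NLRI decoder that rejects prefix lengths above 32 before sizing the memcpy, together with a byte-count helper and a netmask helper that avoids the out-of-range shift. Function names and the sample wire bytes are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Bytes needed to carry a prefix of `bits` bits on the wire (RFC 4271
   NLRI encoding). Without a prior bits <= 32 check, bits = 255 yields 32,
   which is the condition the advisory describes. */
static unsigned bytes_for_prefix_bits(unsigned bits) {
    return (bits + 7) / 8;
}

/* Build a host-order netmask for a CIDR length. Rejects cidr > 32 and
   special-cases cidr == 0 so the shift never reaches 32 bits, which is
   undefined behaviour on a 32-bit operand. Returns 0 on success. */
static int cidr_to_netmask(unsigned cidr, uint32_t* mask_out) {
    if (cidr > 32) return -1;
    *mask_out = (cidr == 0) ? 0u : (uint32_t)(0xFFFFFFFFu << (32 - cidr));
    return 0;
}

/* Decode one IPv4 NLRI entry: a 1-byte prefix length followed by
   ceil(len / 8) prefix bytes in wire order. Returns the number of bytes
   consumed, or -1 if the entry is malformed (length > 32 or truncated).
   The prefix bytes are copied into the low-address bytes of *prefix_out. */
static int decode_ipv4_nlri(const uint8_t* buf, size_t buf_len,
                            uint32_t* prefix_out, unsigned* bits_out) {
    if (buf_len < 1) return -1;
    unsigned bits = buf[0];
    if (bits > 32) return -1;                      /* the missing validation */
    unsigned nbytes = bytes_for_prefix_bits(bits); /* now 0..4 */
    if (buf_len < 1 + nbytes) return -1;           /* truncated packet */
    uint32_t prefix = 0;                           /* 4 bytes; nbytes <= 4 */
    memcpy(&prefix, buf + 1, nbytes);              /* length is bounded */
    *prefix_out = prefix;
    *bits_out = bits;
    return (int)(1 + nbytes);
}
```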

Tags: Fix · Memory Corruption · Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2026-48686
USN-8429-1

Affected Products

Fastnetmon Community Edition
Ubuntu