PT-2026-43275 · Unknown · Fastnetmon Community Edition

Published 2026-05-26 · Updated 2026-05-28 · CVE-2026-48688

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FastNetMon Community Edition versions prior to 1.2.10

Description

Multiple out-of-bounds reads exist in the BGP MP_REACH_NLRI IPv6 attribute decoder. The decode_mp_reach_ipv6() function in src/bgp_protocol.cpp casts raw pointers to structure types without verifying that sufficient data exists. It uses the attacker-controlled length of next hop field to determine the memcpy size, and it computes the prefix length by dereferencing a pointer calculated from multiple attacker-controlled offsets without bounds validation. This prefix length is subsequently used to calculate the number of bytes required for the prefix, which serves as a memcpy length without checking the remaining buffer size. This issue can cause the defense stack to crash if BGP is peered for flowspec DDoS mitigation.

Recommendations

Update to version 1.2.10 or later.
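
The checks the description says were missing, shown as an added C++ example that is not FastNetMon's code and not its 1.2.10 fix. The struct and function names are hypothetical, and the layout assumed is the IPv6 unicast MP_REACH_NLRI encoding from RFC 4760 with a single NLRI entry.

```cpp
// Added illustration only; names are hypothetical, not taken from FastNetMon.
#include <cstddef>
#include <cstdint>
#include <cstring>

struct MpReachIpv6 {
    uint8_t next_hop[16];
    uint8_t prefix[16];
    uint8_t prefix_bits;
};

// Assumed layout (RFC 4760): AFI(2) SAFI(1) next-hop-length(1) next-hop
// reserved(1) prefix-length-in-bits(1) prefix(ceil(bits/8)).
// Every length taken from the wire is checked against the bytes that remain
// before it is used as an offset or a memcpy size.
bool parse_mp_reach_ipv6(const uint8_t* buf, size_t len, MpReachIpv6& out) {
    size_t off = 0;
    // off never exceeds len, so the subtraction cannot wrap.
    auto have = [&](size_t n) { return n <= len - off; };
    out = MpReachIpv6{};

    if (!have(4)) return false;                      // fixed header present?
    unsigned afi = (static_cast<unsigned>(buf[0]) << 8) | buf[1];
    uint8_t safi = buf[2];
    uint8_t nh_len = buf[3];
    off = 4;
    if (afi != 2 || safi != 1) return false;         // IPv6 unicast only

    // A global next hop (16) or global plus link-local (32); nothing else.
    if (nh_len != 16 && nh_len != 32) return false;
    if (!have(nh_len)) return false;
    std::memcpy(out.next_hop, buf + off, 16);
    off += nh_len;

    if (!have(2)) return false;                      // reserved + prefix length
    off += 1;                                        // skip reserved byte
    out.prefix_bits = buf[off++];
    if (out.prefix_bits > 128) return false;         // longer than an IPv6 address

    size_t prefix_bytes = (out.prefix_bits + 7u) / 8u;   // at most 16
    if (!have(prefix_bytes)) return false;
    std::memcpy(out.prefix, buf + off, prefix_bytes);
    return true;
}
```
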

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-48688

Affected Products

Fastnetmon Community Edition