CVE-2026-48690

FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet storage.hpp, the allocate buffer() function computes memory size in bytes as 'buffer size in packets * (max captured packet size + sizeof(fastnetmon pcap pkthdr t)) + sizeof(fastnetmon pcap file header t)' using unsigned int (32-bit) arithmetic. With max captured packet size=1500 and sizeof(fastnetmon pcap pkthdr t)=16, each packet requires approximately 1516 bytes. If buffer size in packets exceeds approximately 2,832,542, the multiplication overflows, resulting in a much smaller allocation than expected. Subsequent write packet() calls then write past the allocated buffer, causing heap corruption. The buffer size in packets value is derived from the ban details records count configuration parameter, which is parsed using atoi() with no overflow checking.