PT-2026-43310 · Unknown · Fastnetmon Community Edition
Published: 2026-05-26 · Updated: 2026-05-27
CVE-2026-48691
CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
FastNetMon Community Edition versions prior to 1.2.10
Description
An integer overflow exists in the BGP AS_PATH attribute encoder. The IPv4UnicastAnnounce::get_attributes() function calculates the attribute length and stores it in a uint8_t field. Because a uint8_t only supports values from 0 to 255, an AS_PATH containing more than 63 ASNs causes silent truncation. This truncated length is used for buffer sizing, but the full untruncated data is written, leading to a heap buffer overflow. Additionally, the path segment length field is also a uint8_t, which results in truncation when more than 255 ASNs are present.
Recommendations
Update to version 1.2.10 or later.
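The length handling from the description, as an added C++ example that is not FastNetMon's code or its 1.2.10 patch: truncated_length() shows the value a one-octet length field ends up holding, and encode_as_path() is one bounds-checked way to encode the attribute. All names are hypothetical, and the example assumes 4-octet ASNs with a 2-byte segment header, which matches the 63-ASN threshold stated above.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

// Values from RFC 4271; 4-octet ASNs (RFC 6793) are an assumption of this example.
constexpr uint8_t FLAG_TRANSITIVE = 0x40, FLAG_EXTENDED_LENGTH = 0x10;
constexpr uint8_t ATTR_AS_PATH = 2, SEG_AS_SEQUENCE = 2;
constexpr size_t MAX_ASNS_PER_SEGMENT = 255;     // segment count field is one octet
constexpr size_t MAX_ATTR_BYTES = 4096 - 19 - 4; // BGP message minus fixed UPDATE fields

// What a one-octet length field ends up holding for a single segment of n ASNs.
uint8_t truncated_length(size_t n) { return static_cast<uint8_t>(2 + 4 * n); }

// Hypothetical hardened encoder: sizes are computed in size_t, long paths are split
// into several segments, the two-octet extended length is used when needed, and
// paths that cannot fit in one BGP message are refused instead of truncated.
bool encode_as_path(const std::vector<uint32_t>& asns, std::vector<uint8_t>& out) {
    if (asns.size() > MAX_ATTR_BYTES / 4) return false;  // also rules out size_t wraparound
    const size_t segments = (asns.size() + MAX_ASNS_PER_SEGMENT - 1) / MAX_ASNS_PER_SEGMENT;
    const size_t value_len = 2 * segments + 4 * asns.size();
    const bool extended = value_len > 255;
    const size_t total = value_len + (extended ? 4 : 3);
    if (total > MAX_ATTR_BYTES) return false;

    out.clear();
    out.reserve(total);                          // buffer sized from the untruncated length
    uint8_t flags = FLAG_TRANSITIVE;
    if (extended) flags |= FLAG_EXTENDED_LENGTH;
    out.push_back(flags);
    out.push_back(ATTR_AS_PATH);
    if (extended) out.push_back(static_cast<uint8_t>(value_len >> 8));
    out.push_back(static_cast<uint8_t>(value_len & 0xFF));

    for (size_t i = 0; i < asns.size(); i += MAX_ASNS_PER_SEGMENT) {
        const size_t n = std::min(MAX_ASNS_PER_SEGMENT, asns.size() - i);
        out.push_back(SEG_AS_SEQUENCE);
        out.push_back(static_cast<uint8_t>(n));  // n <= 255 by construction
        for (size_t j = i; j < i + n; ++j)
            for (int shift = 24; shift >= 0; shift -= 8)
                out.push_back(static_cast<uint8_t>(asns[j] >> shift));
    }
    return out.size() == total;                  // bytes written match the computed size
}
```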
Fix
Integer Overflow
Heap Based Buffer Overflow
Related Identifiers
Affected Products
Fastnetmon Community Edition