Vulnerability Details CVE-2026-48684
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In process_netflow_v9_options_template() (src/netflow_plugin/netflow_v9_collector.cpp), the scope parsing loop (lines 224-229) iterates until scopes_offset reaches the attacker-controlled option_scope_length value, reading netflow9_template_flowset_record_t structures at each step. No bounds check validates that (zone_address + scopes_offset + sizeof(record)) stays within the flowset. The same issue affects the options field loop (lines 241-257) with option_length. Furthermore, option_scope_length is not validated to be a multiple of sizeof(netflow9_template_flowset_record_t), potentially causing misaligned reads. An attacker can trigger reads past the end of the UDP packet buffer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.2%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2026-48684
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.0.0
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.1.0
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.1.1
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.1.2
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.1.3
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.1.4
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.1.5
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.1.6
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.1.7
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.1.8
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.1.9
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.2.0
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.2.1
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.2.2
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.2.3
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.2.4
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.2.5
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.2.6
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.2.7
-
cpe:2.3:a:pavel-odintsov:fastnetmon:1.2.8