CVE-2026-48691
Published 2026-05-26
Priority P351 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.31% (22.4th percentile)
FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attribute_length as 'sizeof(bgp_as_path_segment_element_t) + this->as_path_asns.size() * sizeof(uint32_t)' and stores it in a uint8_t field (lines 600-605). Since uint8_t can only hold values 0-255, an AS_PATH containing more than 63 ASNs (2 + 64*4 = 258 > 255) causes silent truncation. The truncated length is used for buffer sizing, while the actual data written is the full untruncated amount, resulting in a heap buffer overflow. Similarly, the path_segment_length field at line 621 is also uint8_t, truncating with more than 255 ASNs.
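The length arithmetic described above, with a bounds-checked encoder beside it, as an added example that is not FastNetMon's code. `segment_header_t`, `truncated_length` and `encode_as_path` are hypothetical names; the flag and type values are the RFC 4271 ones, and the sample path is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for the 2-byte segment header in the advisory
// (segment type + ASN count); not FastNetMon's own definition.
struct segment_header_t { uint8_t type; uint8_t count; };

constexpr uint8_t kTransitive = 0x40, kExtendedLength = 0x10;  // RFC 4271 flags
constexpr uint8_t kTypeAsPath = 2, kAsSequence = 2;

// Bytes the AS_PATH value really occupies: 2 + 4 * n.
size_t as_path_value_size(size_t asn_count) {
    return sizeof(segment_header_t) + asn_count * sizeof(uint32_t);
}

// The flawed pattern: the same size stored in a one-byte length field.
uint8_t truncated_length(size_t asn_count) {
    return static_cast<uint8_t>(as_path_value_size(asn_count));
}

// Hardened encoder: works from the untruncated size, switches to the two-byte
// Extended Length form above 255, and rejects ASN counts that do not fit the
// one-byte segment counter (those would need several segments).
bool encode_as_path(const std::vector<uint32_t>& asns, std::vector<uint8_t>& out) {
    out.clear();
    if (asns.size() > UINT8_MAX) return false;
    const size_t value_size = as_path_value_size(asns.size());
    if (value_size > UINT8_MAX) {
        out.insert(out.end(), {uint8_t(kTransitive | kExtendedLength), kTypeAsPath,
                               uint8_t(value_size >> 8), uint8_t(value_size & 0xff)});
    } else {
        out.insert(out.end(), {kTransitive, kTypeAsPath, uint8_t(value_size)});
    }
    out.push_back(kAsSequence);
    out.push_back(static_cast<uint8_t>(asns.size()));
    for (uint32_t asn : asns)  // each ASN in network byte order
        for (int shift = 24; shift >= 0; shift -= 8) out.push_back(uint8_t(asn >> shift));
    return true;
}

int main() {
    std::vector<uint8_t> buf;
    std::vector<uint32_t> path(64, 65001);  // constructed sample path
    std::printf("64 ASNs: real=%zu truncated=%u\n", as_path_value_size(64),
                static_cast<unsigned>(truncated_length(64)));
    std::printf("encoded ok=%d bytes=%zu\n", encode_as_path(path, buf), buf.size());
    return 0;
}
```

Building with `-fsanitize=address` and running an encoder against paths of 63, 64 and 256 ASNs is a quick regression check for both truncation points the advisory names.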
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pavel-odintsov | fastnetmon | <= 1.2.9 | — |
VulDB
FastNetMon Community Edition up to 1.2.9 src/bgp_protocol.hpp get_attributes uint8_t integer overflow (Nessus ID 321184)
vuldb·2026-06-19·CVSS 9.8
A vulnerability categorized as problematic has been discovered in FastNetMon Community Edition up to 1.2.9. The impacted element is the function IPv4UnicastAnnounce::get_attributes of the file src/bgp_protocol.hpp. Such manipulation of the argument uint8_t leads to integer overflow.
This vulnerability is uniquely identified as CVE-2026-48691. The attack can only be initiated within the local network. No exploit exists.
GHSA
GHSA-pjmc-gjwh-qr2w: FastNetMon Community Edition through 1
ghsa_unreviewed·2026-05-26
CVE-2026-48691 [CRITICAL] CWE-122 GHSA-pjmc-gjwh-qr2w: FastNetMon Community Edition through 1
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-48691 fastnetmon: integer overflow in the BGP AS_PATH attribute encoder [fedora-all]
bugzilla·2026-05-28·CVSS 9.8
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-48691 fastnetmon: integer overflow in the BGP AS_PATH attribute encoder [epel-all]
bugzilla·2026-05-28·CVSS 9.8
Bugzilla
CVE-2026-48691 fastnetmon: integer overflow in the BGP AS_PATH attribute encoder
bugzilla·2026-05-26·CVSS 9.8
2026-05-26
Published