CVE-2026-48685 – FastNetMon BGP Path Attribute Out-of-Bounds Memory Access Vulnerability

CVE ID :CVE-2026-48685

Published : May 26, 2026, 4:16 p.m. | 15 minutes ago

Description :FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_bgp_attribute() function correctly identifies when extended_length_bit is set and sets length_of_length_field to 2, but then reads only a single byte for the attribute value length (attribute_value_length = value[2] at line 173). Per RFC 4271 Section 4.3, when the Extended Length bit is set, the Attribute Length field is two octets and the value should be read as a 16-bit big-endian integer from value[2] and value[3]. As a result, any attribute longer than 255 bytes has its length silently truncated to the low byte (e.g., 300 bytes = 0x012C is read as 0x2C = 44 bytes). The remaining 256 bytes are then misinterpreted as subsequent attributes, causing cascading parse failures and potential out-of-bounds memory access.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-48692 – FastNetMon Community Edition Unauthenticated gRPC API Remote Code Execution and Privilege Escalation

CVE-2026-48688 – FastNetMon Community Edition BGP MP_REACH_NLRI IPv6 Attribute Decoder Out-of-Bounds Read Vulnerability

CVE-2026-48687 – FastNetMon Juniper Router Integration OS Command Injection

CVE-2026-48686 – FastNetMon Community Edition Buffer Overflow Vulnerability