Description
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4_header_t) bytes (20 bytes), the code advances the local_pointer by '4 * ipv4_header->get_ihl()' (line 164) without validating that (a) IHL >= 5 (the minimum valid value per RFC 791), or (b) 4 * IHL bytes are actually available in the packet. The IHL field is 4 bits, allowing values 0-15, so the advance can be 0-60 bytes. An IHL value of 15 with only 20 bytes validated causes a 40-byte over-read. An IHL of 0-4 causes the pointer to not advance past the IP header, resulting in the TCP/UDP header being parsed from IP header data (type confusion). This vulnerability is reachable via any packet capture interface.
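
The two checks the description says are missing, written out as an added C++ example (this is not FastNetMon's code or its fix). The names `unchecked_l4_offset`, `checked_l4_offset` and `classify`, and the zero-filled sample packets, are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

enum class ParseStatus { ok, too_short, bad_ihl, truncated_header };

constexpr std::size_t kMinIpv4Header = 20;  // fixed IPv4 header size, as in the description

// Offset arithmetic as the description states it: 4 * IHL with no checks.
// It only computes the number and never dereferences past the buffer.
std::size_t unchecked_l4_offset(const std::uint8_t* pkt) {
    return 4u * (pkt[0] & 0x0Fu);
}

// Hardened form: applies both checks, (a) and (b), before the pointer may advance.
ParseStatus checked_l4_offset(const std::uint8_t* pkt, std::size_t captured_len,
                              std::size_t* l4_offset) {
    if (pkt == nullptr || captured_len < kMinIpv4Header) return ParseStatus::too_short;
    const std::size_t ihl = pkt[0] & 0x0Fu;      // low nibble of byte 0
    if (ihl < 5) return ParseStatus::bad_ihl;    // (a) RFC 791 minimum
    const std::size_t header_len = 4 * ihl;      // 20..60 bytes once (a) holds
    if (header_len > captured_len) return ParseStatus::truncated_header;  // (b)
    *l4_offset = header_len;
    return ParseStatus::ok;
}

// Builds a constructed, zero-filled sample packet (version 4, given IHL) and checks it.
ParseStatus classify(std::uint8_t ihl, std::size_t captured_len, std::size_t* l4_offset) {
    std::uint8_t buf[64] = {0};
    buf[0] = static_cast<std::uint8_t>(0x40u | (ihl & 0x0Fu));
    if (captured_len > sizeof(buf)) captured_len = sizeof(buf);
    return checked_l4_offset(buf, captured_len, l4_offset);
}

int main() {
    const std::uint8_t ihls[] = {0, 4, 5, 15};
    for (std::uint8_t ihl : ihls) {
        const std::uint8_t first = static_cast<std::uint8_t>(0x40u | ihl);
        std::size_t off = 0;
        const ParseStatus st = classify(ihl, kMinIpv4Header, &off);
        std::printf("IHL=%u captured=20 unchecked_advance=%zu status=%d\n",
                    static_cast<unsigned>(ihl), unchecked_l4_offset(&first),
                    static_cast<int>(st));
    }
    return 0;
}
```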
Published: 2026-06-02
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from an out‑of‑bounds read in the IPv4 packet parser of FastNetMon Community Edition versions up to 1.2.9, where the code advances the packet pointer using the IHL field without validating the header length or ensuring that enough bytes exist. This flaw can expose up to 60 bytes of memory content, potentially leaking sensitive information such as configuration data or credentials.

Affected Systems

The affected software is FastNetMon Community Edition, distributed by the open‑source project led by Pavel Odintsov. Versions 1.2.9 and earlier are vulnerable; any deployment of that software is affected unless the code has been manually patched.

Risk and Exploitability

The over‑read can expose up to 60 bytes of memory content, potentially leaking sensitive data such as configuration or credentials. Since the flaw is triggered by any packet captured on an interface, a malicious network actor could craft a packet with a deliberately small or excessively large IHL value to cause the read. No exploit code has been published, the vulnerability is not listed in CISA KEV, and no EPSS score is available, indicating that public exploitation activity is currently low. Nevertheless, the lack of a patch in the current release means that the vulnerability remains actionable and could be used for information disclosure if a suitable threat actor can supply crafted packets to the monitored interface.

Generated by OpenCVE AI on June 3, 2026 at 04:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FastNetMon to a version where the IHL validation has been fixed; the issue was addressed in later commits of the repository.
  • If an upgrade cannot be performed immediately, restrict packet capturing to trusted interfaces and run FastNetMon with the minimum necessary privileges to limit the potential impact of the memory exposure.
  • Monitor service logs for parsing errors related to the IPv4 header and confirm that the out‑of‑bounds read no longer occurs.



Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type: Description
Values Removed: (none)
Values Added: FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4_header_t) bytes (20 bytes), the code advances the local_pointer by '4 * ipv4_header->get_ihl()' (line 164) without validating that (a) IHL >= 5 (the minimum valid value per RFC 791), or (b) 4 * IHL bytes are actually available in the packet. The IHL field is 4 bits, allowing values 0-15, so the advance can be 0-60 bytes. An IHL value of 15 with only 20 bytes validated causes a 40-byte over-read. An IHL of 0-4 causes the pointer to not advance past the IP header, resulting in the TCP/UDP header being parsed from IP header data (type confusion). This vulnerability is reachable via any packet capture interface.
References


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-02T19:41:51.849Z

Reserved: 2026-05-22T00:00:00.000Z

Link: CVE-2026-48682

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-02T20:16:38.993

Modified: 2026-06-02T20:16:38.993

Link: CVE-2026-48682

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T04:30:05Z

Weaknesses

No weakness.