Description
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4_header_t) bytes (20 bytes), the code advances the local_pointer by '4 * ipv4_header->get_ihl()' (line 164) without validating that (a) IHL >= 5 (the minimum valid value per RFC 791), or (b) 4 * IHL bytes are actually available in the packet. The IHL field is 4 bits, allowing values 0-15, so the advance can be 0-60 bytes. An IHL value of 15 with only 20 bytes validated causes a 40-byte over-read. An IHL of 0-4 causes the pointer to not advance past the IP header, resulting in the TCP/UDP header being parsed from IP header data (type confusion). This vulnerability is reachable via any packet capture interface.
Published: 2026-06-02
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

FastNetMon Community Edition versions 1.2.9 and earlier contain an out‑of‑bounds read in the IPv4 packet parser. The code advances a pointer by 4 times the IHL field after only checking that the packet contains the minimum 20 bytes. Because the IHL field can range from 0 to 15, the code may read up to 60 bytes beyond the header, exposing arbitrary memory contents that could include configuration, credentials or other sensitive data.

Affected Systems

The vulnerability affects any deployment of FastNetMon Community Edition versions 1.2.9 and earlier, including all builds using the source code before the security‑related commit that added IHL validation.

Risk and Exploitability

The flaw can be triggered by any packet captured on an interface, allowing an attacker to craft packets with out‑of‑range IHL values to cause the over‑read. No exploit code has been published, and the vulnerability is not listed in CISA KEV. The EPSS score of < 1% indicates a very low probability of exploitation, while the CVSS score of 5.9 reflects a medium severity impact centered on potential information disclosure rather than higher‑level compromise.

Generated by OpenCVE AI on June 4, 2026 at 16:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update FastNetMon to a version where IHL validation has been corrected (commit after 1.2.9 or later release).
  • If an update cannot be applied immediately, restrict packet capturing to trusted network interfaces and run FastNetMon under the least‑privileged user to limit exposed memory contents.
  • Implement monitoring of FastNetMon logs for parsing errors or out‑of‑bounds read indicators, and alert on any irregularities.

Generated by OpenCVE AI on June 4, 2026 at 16:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title FastNetMon Community Edition IPv4 Parser Out‑Bounds Read Leading to Potential Information Disclosure

Thu, 04 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-843 CWE-125
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Wed, 03 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Title FastNetMon Community Edition IPv4 Parser Out‑Bounds Read Leading to Potential Information Disclosure

Wed, 03 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-843
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Pavel-odintsov
Pavel-odintsov fastnetmon
Vendors & Products Pavel-odintsov
Pavel-odintsov fastnetmon

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4_header_t) bytes (20 bytes), the code advances the local_pointer by '4 * ipv4_header->get_ihl()' (line 164) without validating that (a) IHL >= 5 (the minimum valid value per RFC 791), or (b) 4 * IHL bytes are actually available in the packet. The IHL field is 4 bits, allowing values 0-15, so the advance can be 0-60 bytes. An IHL value of 15 with only 20 bytes validated causes a 40-byte over-read. An IHL of 0-4 causes the pointer to not advance past the IP header, resulting in the TCP/UDP header being parsed from IP header data (type confusion). This vulnerability is reachable via any packet capture interface.
References

Subscriptions

Pavel-odintsov Fastnetmon
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-04T13:21:59.532Z

Reserved: 2026-05-22T00:00:00.000Z

Link: CVE-2026-48682

cve-icon Vulnrichment

Updated: 2026-06-03T16:03:41.527Z

cve-icon NVD

Status : Deferred

Published: 2026-06-02T20:16:38.993

Modified: 2026-06-04T16:28:59.003

Link: CVE-2026-48682

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-04T16:30:06Z

Weaknesses