CVE-2026-48683 - Vulnerability Details

Description

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflow_plugin/netflow_v9_collector.cpp, the Data template branch (lines 1695-1702) iterates over flow records without performing a per-iteration bounds check against the packet end pointer. In contrast, the Options template branch (lines 1709-1719) correctly checks 'if (pkt + offset + field_template->total_length > packet_end)' before each iteration. The Data branch omits this check entirely. Since template definitions are sent by the network peer (and are unauthenticated UDP), an attacker can craft templates that cause the parser to read arbitrary memory past the packet buffer. This can leak sensitive memory contents or cause a crash.

Published: 2026-05-26

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

FastNetMon Community Edition up to 1.2.9 includes an out‑of‑bounds read in the NetFlow v9 data flowset processor. The code that parses Data templates fails to perform a per‑iteration bounds check, allowing memory beyond the packet buffer to be accessed. An attacker could thus read arbitrary memory contents or cause the program to terminate unexpectedly, exposing sensitive internal data or rendering the monitoring system unavailable.

Affected Systems

All installations of FastNetMon Community Edition version 1.2.9 or earlier, which use the NetFlow v9 collector module, are affected.

Risk and Exploitability

The vulnerability can be exploited via crafted unauthenticated UDP NetFlow v9 packets sent from a network peer. Precise exploitation would require an attacker to send a malicious template definition to trigger the out‑of‑bounds read, which can then expose memory contents or crash the collector. The EPSS score is not available, but the CVE is not listed in the CISA KEV catalogue. The lack of authentication for NetFlow traffic and the direct memory read suggest a high risk of exploitation, particularly in environments where the collection module is exposed to untrusted networks. No confirmed public exploitation has been reported yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade FastNetMon to a version newer than 1.2.9 that includes the bounds check bug fix.
If an upgrade is not immediately possible, disable NetFlow v9 collection or restrict the collector to receive data only from trusted, authenticated peers.
Configure firewall rules to block or rate‑limit incoming NetFlow v9 UDP traffic from untrusted sources.

Generated by OpenCVE AI on May 26, 2026 at 16:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/pavel-odintsov/fastnetmon
https://github.com/pavel-odintsov/fastnetmon/blob/master/src/netflow_plugin/netflow_v9_collector.cpp
https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48683-netflow-v9-data-oob

History

Tue, 26 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
Title		Unhandled Bounds Check in FastNetMon NetFlow v9 Parser Allows Memory Leak or Crash
Weaknesses		CWE-200 CWE-787

Tue, 26 May 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflow_plugin/netflow_v9_collector.cpp, the Data template branch (lines 1695-1702) iterates over flow records without performing a per-iteration bounds check against the packet end pointer. In contrast, the Options template branch (lines 1709-1719) correctly checks 'if (pkt + offset + field_template->total_length > packet_end)' before each iteration. The Data branch omits this check entirely. Since template definitions are sent by the network peer (and are unauthenticated UDP), an attacker can craft templates that cause the parser to read arbitrary memory past the packet buffer. This can leak sensitive memory contents or cause a crash.
References		https://github.com/pavel-odintsov/fastnetmon https://github.com/pavel-odintsov/fastnetmon/blob/master/src/netflow_plugin/netflow_v9_collector.cpp https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48683-netflow-v9-data-oob

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-05-26T00:00:00.000Z

Updated: 2026-05-26T14:35:10.092Z

Reserved: 2026-05-22T00:00:00.000Z

Link: CVE-2026-48683

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-26T16:16:26.330

Modified: 2026-05-26T16:16:26.330

Link: CVE-2026-48683

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T16:30:10Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object