Description
FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_bgp_attribute() function correctly identifies when extended_length_bit is set and sets length_of_length_field to 2, but then reads only a single byte for the attribute value length (attribute_value_length = value[2] at line 173). Per RFC 4271 Section 4.3, when the Extended Length bit is set, the Attribute Length field is two octets and the value should be read as a 16-bit big-endian integer from value[2] and value[3]. As a result, any attribute longer than 255 bytes has its length silently truncated to the low byte (e.g., 300 bytes = 0x012C is read as 0x2C = 44 bytes). The remaining 256 bytes are then misinterpreted as subsequent attributes, causing cascading parse failures and potential out-of-bounds memory access.
Published: 2026-05-26
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

FastNetMon Community Edition versions up to 1.2.9 incorrectly parse BGP path attributes when the extended length flag is set. The parser reads only the low byte of a two‑byte length field, truncating the real length and misinterpreting the remaining data as additional attributes. This flaw can trigger out‑of‑bounds memory accesses, potentially destabilizing the daemon or allowing malicious actors to crash the system. The vulnerability does not directly provide code execution capability but can be leveraged for service disruption.

Affected Systems

The flaw affects the FastNetMon Community Edition software, specifically versions 1.0.0 through 1.2.9. No vendor identification is provided beyond the project name. Due to the lack of explicit version numbers other than the 1.2.9 ceiling, all releases before 1.3.0 are presumed vulnerable.

Risk and Exploitability

No CVSS or EPSS score is available, and the issue is not listed in the CISA KEV catalog, suggesting limited publicly documented exploitation. Attackers would need to send crafted BGP messages with the extended length flag set to trigger the bug, typically from a malicious BGP speaker. Because the vulnerability leads to crashes rather than immediate code execution, the risk is primarily denial‑of‑service for network traffic monitoring services running FastNetMon.

Generated by OpenCVE AI on May 26, 2026 at 16:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FastNetMon to version 1.3.0 or later to eliminate the parsing flaw
  • If an upgrade is not feasible, implement firewall or routing policies to block BGP messages that set the extended length bit until the fix is applied
  • Regularly monitor FastNetMon logs for parse errors or crashes and configure alerts to detect potential exploitation attempts

Generated by OpenCVE AI on May 26, 2026 at 16:26 UTC.


Advisories

No advisories yet.

History

Tue, 26 May 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Pavel-odintsov; Pavel-odintsov fastnetmon |
| Vendors & Products | | Pavel-odintsov; Pavel-odintsov fastnetmon |

Tue, 26 May 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | FastNetMon Community Edition BGP Attribute Length Parsing Vulnerability Causing OOB Access |
| Weaknesses | | CWE-119 |

Tue, 26 May 2026 15:45:00 +0000

Type Values Removed Values Added
Description FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_bgp_attribute() function correctly identifies when extended_length_bit is set and sets length_of_length_field to 2, but then reads only a single byte for the attribute value length (attribute_value_length = value[2] at line 173). Per RFC 4271 Section 4.3, when the Extended Length bit is set, the Attribute Length field is two octets and the value should be read as a 16-bit big-endian integer from value[2] and value[3]. As a result, any attribute longer than 255 bytes has its length silently truncated to the low byte (e.g., 300 bytes = 0x012C is read as 0x2C = 44 bytes). The remaining 256 bytes are then misinterpreted as subsequent attributes, causing cascading parse failures and potential out-of-bounds memory access.
MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-26T15:22:07.299Z

Reserved: 2026-05-22T00:00:00.000Z

Link: CVE-2026-48685

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-26T16:16:26.570

Modified: 2026-05-26T16:16:26.570

Link: CVE-2026-48685

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T17:00:11Z
