Description
FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_bgp_attribute() function correctly identifies when extended_length_bit is set and sets length_of_length_field to 2, but then reads only a single byte for the attribute value length (attribute_value_length = value[2] at line 173). Per RFC 4271 Section 4.3, when the Extended Length bit is set, the Attribute Length field is two octets and the value should be read as a 16-bit big-endian integer from value[2] and value[3]. As a result, any attribute longer than 255 bytes has its length silently truncated to the low byte (e.g., 300 bytes = 0x012C is read as 0x2C = 44 bytes). The remaining 256 bytes are then misinterpreted as subsequent attributes, causing cascading parse failures and potential out-of-bounds memory access.
Published: 2026-05-26
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

FastNetMon Community Edition through 1.2.9 incorrectly parses BGP path attributes when the extended length flag is set. The parsing routine reads only a single byte for the attribute value length, truncating the real length and mis‑interpreting remaining data as additional attributes. This flaw can trigger out-of-bounds memory accesses that may destabilise the daemon or allow malicious actors to crash the system. The vulnerability is an example of CWE-130 (Incorrect Length Calculation) and does not directly provide code execution capability but can be leveraged for service disruption.

Affected Systems

The flaw affects the FastNetMon Community Edition software, specifically any release with a version number of 1.2.9 or earlier. No further vendor information is supplied beyond the project name, and no additional affected versions are identified.

Risk and Exploitability

The CVSS score of 6.5 categorises this out-of-bounds parsing flaw as a moderate‑severity issue. The EPSS score is not available, and the vulnerability has not been listed in the CISA KEV catalog, indicating limited evidence of active exploitation. Attackers would need to send malformed BGP updates that set the extended‑length bit from a BGP‑speaking router reachable by the FastNetMon instance. Successfully parsing such a packet would trigger out-of-bounds memory access and could cause the daemon to crash, leading to service disruption for traffic monitoring.

Generated by OpenCVE AI on May 27, 2026 at 02:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FastNetMon to the latest available version to eliminate the parsing flaw
  • If an upgrade is not feasible, configure routing or firewall rules to block BGP messages that set the extended‑length bit until the fix is applied
  • Monitor FastNetMon logs for parse errors or crashes and set up alerts to detect potential exploitation attempts

Generated by OpenCVE AI on May 27, 2026 at 02:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 14:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:pavel-odintsov:fastnetmon:*:*:*:*:community:*:*:*

Wed, 27 May 2026 02:45:00 +0000

Type Values Removed Values Added
Title FastNetMon BGP Extended Length Parsing Flaw

Wed, 27 May 2026 01:00:00 +0000

Type Values Removed Values Added
Title FastNetMon Community Edition BGP Attribute Length Parsing Vulnerability Causing OOB Access
Weaknesses CWE-119

Tue, 26 May 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-130
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Pavel-odintsov
Pavel-odintsov fastnetmon
Vendors & Products Pavel-odintsov
Pavel-odintsov fastnetmon

Tue, 26 May 2026 16:45:00 +0000

Type Values Removed Values Added
Title FastNetMon Community Edition BGP Attribute Length Parsing Vulnerability Causing OOB Access
Weaknesses CWE-119

Tue, 26 May 2026 15:45:00 +0000

Type Values Removed Values Added
Description FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_bgp_attribute() function correctly identifies when extended_length_bit is set and sets length_of_length_field to 2, but then reads only a single byte for the attribute value length (attribute_value_length = value[2] at line 173). Per RFC 4271 Section 4.3, when the Extended Length bit is set, the Attribute Length field is two octets and the value should be read as a 16-bit big-endian integer from value[2] and value[3]. As a result, any attribute longer than 255 bytes has its length silently truncated to the low byte (e.g., 300 bytes = 0x012C is read as 0x2C = 44 bytes). The remaining 256 bytes are then misinterpreted as subsequent attributes, causing cascading parse failures and potential out-of-bounds memory access.
References

Subscriptions

Pavel-odintsov Fastnetmon
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-26T20:56:12.251Z

Reserved: 2026-05-22T00:00:00.000Z

Link: CVE-2026-48685

cve-icon Vulnrichment

Updated: 2026-05-26T20:56:06.826Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T16:16:26.570

Modified: 2026-06-17T10:55:10.310

Link: CVE-2026-48685

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T02:30:05Z

Weaknesses
  • CWE-130

    Improper Handling of Length Parameter Inconsistency