Description
FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memory_size_in_bytes as 'buffer_size_in_packets * (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr_t)) + sizeof(fastnetmon_pcap_file_header_t)' using unsigned int (32-bit) arithmetic. With max_captured_packet_size=1500 and sizeof(fastnetmon_pcap_pkthdr_t)=16, each packet requires approximately 1516 bytes. If buffer_size_in_packets exceeds approximately 2,832,542, the multiplication overflows, resulting in a much smaller allocation than expected. Subsequent write_packet() calls then write past the allocated buffer, causing heap corruption. The buffer_size_in_packets value is derived from the ban_details_records_count configuration parameter, which is parsed using atoi() with no overflow checking.
Published: 2026-05-26
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow occurs in FastNetMon Community Edition through version 1.2.9 when allocating memory for captured packets. The allocate_buffer() function multiplies buffer_size_in_packets by the size of a single packet header and payload using 32‑bit unsigned arithmetic. With the default maximum packet size of 1500 bytes and a 16‑byte header, each packet requires about 1516 bytes. When buffer_size_in_packets exceeds roughly 2,832,542 the multiplication overflows, yielding a memory block that is far smaller than intended. Subsequent calls to write_packet() then write past the end of this block, corrupting the heap. Because the buffer_size_in_packets value is derived from the ban_details_records_count configuration parameter and parsed with atoi() without bounds checking, an attacker who can influence that configuration can trigger the overflow and cause heap corruption, potentially leading to arbitrary code execution.

Affected Systems

FastNetMon Community Edition versions up to and including 1.2.9 are affected. The vulnerability exists in the packet_storage.hpp source code that is distributed in the community edition release. No other vendors or product lines are listed as impacted.

Risk and Exploitability

The CVSS score is not publicly available, but the nature of the overflow and the complete lack of input validation make this vulnerability a critical security risk. Heap corruption can be leveraged to execute arbitrary code, which may grant the attacker full control over the host. No public exploit has been reported, and the vulnerability is not listed in the CISA KEV catalog, but the EPSS metric is unavailable. The attack is likely local or remote depending on whether the attacker can modify the ban_details_records_count setting; if the configuration is editable by untrusted users, the risk escalates. Adequate hardening and patching are strongly advised.

Generated by OpenCVE AI on May 26, 2026 at 18:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FastNetMon Community Edition to version 1.3.0 or later where the buffer allocation logic includes proper bounds checking and safe integer handling.
  • If upgrading is not immediately possible, limit the ban_details_records_count setting to a value well below 2,800,000 to prevent overflow.
  • Replace the atoi() parsing of ban_details_records_count with a validated integer conversion that checks the value falls within acceptable bounds before use.

Generated by OpenCVE AI on May 26, 2026 at 18:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 26 May 2026 19:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in FastNetMon Packet Storage Buffer Allocation
Weaknesses CWE-122
CWE-190

Tue, 26 May 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Pavel-odintsov
Pavel-odintsov fastnetmon
Vendors & Products Pavel-odintsov
Pavel-odintsov fastnetmon

Tue, 26 May 2026 17:00:00 +0000

Type Values Removed Values Added
Description FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memory_size_in_bytes as 'buffer_size_in_packets * (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr_t)) + sizeof(fastnetmon_pcap_file_header_t)' using unsigned int (32-bit) arithmetic. With max_captured_packet_size=1500 and sizeof(fastnetmon_pcap_pkthdr_t)=16, each packet requires approximately 1516 bytes. If buffer_size_in_packets exceeds approximately 2,832,542, the multiplication overflows, resulting in a much smaller allocation than expected. Subsequent write_packet() calls then write past the allocated buffer, causing heap corruption. The buffer_size_in_packets value is derived from the ban_details_records_count configuration parameter, which is parsed using atoi() with no overflow checking.
References

Subscriptions

Pavel-odintsov Fastnetmon
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-26T21:01:57.049Z

Reserved: 2026-05-22T00:00:00.000Z

Link: CVE-2026-48690

cve-icon Vulnrichment

Updated: 2026-05-26T21:01:16.360Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-26T17:16:53.547

Modified: 2026-05-26T21:16:42.953

Link: CVE-2026-48690

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T19:00:15Z

Weaknesses