CVE-2026-48690 - Vulnerability Details

Description

FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memory_size_in_bytes as 'buffer_size_in_packets * (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr_t)) + sizeof(fastnetmon_pcap_file_header_t)' using unsigned int (32-bit) arithmetic. With max_captured_packet_size=1500 and sizeof(fastnetmon_pcap_pkthdr_t)=16, each packet requires approximately 1516 bytes. If buffer_size_in_packets exceeds approximately 2,832,542, the multiplication overflows, resulting in a much smaller allocation than expected. Subsequent write_packet() calls then write past the allocated buffer, causing heap corruption. The buffer_size_in_packets value is derived from the ban_details_records_count configuration parameter, which is parsed using atoi() with no overflow checking.

Published: 2026-05-26

Score: 7.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

FastNetMon Community Edition versions up to 1.2.9 contain an integer overflow in the packet capture buffer allocation. The allocate_buffer() function calculates the memory size for captured packets using 32‑bit unsigned arithmetic, multiplying the requested number of packets by the size of each packet header plus the maximum packet payload. When the number of packets requested exceeds about 2,832,542, the multiplication wraps around, allocating a block that is far smaller than intended. Subsequent write_packet() calls then write beyond the end of this block, corrupting the heap. The overflow originates from the ban_details_records_count configuration parameter, parsed with atoi() without bounds checking, allowing an attacker who can influence this setting to trigger the overflow. While the documentation does not explicitly state that this corruption leads to code execution, the resulting heap corruption could, if an attacker can control the memory layout, be exploited to achieve arbitrary code execution – a common consequence of unchecked heap writes, but this outcome is inferred rather than confirmed.

Affected Systems

FastNetMon Community Edition releases up to and including 1.2.9 are affected. The vulnerability is present in the packet_storage.hpp source file distributed with the community edition. No other vendors or product lines are identified as impacted.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity issue. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no publicly known exploit. The attack vector depends on an attacker’s ability to alter the ban_details_records_count setting; if the configuration is editable by untrusted users, the risk is elevated. Based on the description, it is inferred that the heap corruption could be leveraged to achieve arbitrary code execution, a typical exploit path for unchecked memory writes, but this inference is based solely on the nature of the overflow rather than an explicit statement of exploitation. The instability and potential for denial of service also make this vulnerability significant.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:pavel-odintsov:fastnetmon:*:*:*:*:community:*:*:*

No data.

Vendor Product Confidence Versions

Pavel-odintsov

Fastnetmon

95%

Version	Status	Scheme	Platform
`[0,1.2.9]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to a FastNetMon Community Edition version that fixes the buffer allocation overflow, if one is available.
Bypass the overflow until a patch is applied by restricting the ban_details_records_count configuration value to well below the 2,832,542 threshold, such as keeping it under 1,000,000.
Replace the atoi() conversion of ban_details_records_count with a safe integer parsing routine that validates the input range and prevents integer overflow.

Generated by OpenCVE AI on May 27, 2026 at 00:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00116.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/pavel-odintsov/fastnetmon
https://github.com/pavel-odintsov/fastnetmon/blob/master/src/packet_storage.hpp
https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48690-packet-storage-integer-overflow

History

Wed, 27 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:pavel-odintsov:fastnetmon:::::community:::*

Wed, 27 May 2026 01:00:00 +0000

Type	Values Removed	Values Added
Title	Integer Overflow in FastNetMon Packet Storage Buffer Allocation

Tue, 26 May 2026 21:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 26 May 2026 19:15:00 +0000

Type	Values Removed	Values Added
Title		Integer Overflow in FastNetMon Packet Storage Buffer Allocation
Weaknesses		CWE-122 CWE-190

Tue, 26 May 2026 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Pavel-odintsov Pavel-odintsov fastnetmon
Vendors & Products		Pavel-odintsov Pavel-odintsov fastnetmon

Tue, 26 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memory_size_in_bytes as 'buffer_size_in_packets * (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr_t)) + sizeof(fastnetmon_pcap_file_header_t)' using unsigned int (32-bit) arithmetic. With max_captured_packet_size=1500 and sizeof(fastnetmon_pcap_pkthdr_t)=16, each packet requires approximately 1516 bytes. If buffer_size_in_packets exceeds approximately 2,832,542, the multiplication overflows, resulting in a much smaller allocation than expected. Subsequent write_packet() calls then write past the allocated buffer, causing heap corruption. The buffer_size_in_packets value is derived from the ban_details_records_count configuration parameter, which is parsed using atoi() with no overflow checking.
References		https://github.com/pavel-odintsov/fastnetmon https://github.com/pavel-odintsov/fastnetmon/blob/master/src/packet_storage.hpp https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48690-packet-storage-integer-overflow

Subscriptions

Pavel-odintsov Fastnetmon

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-05-26T00:00:00.000Z

Updated: 2026-05-26T21:01:57.049Z

Reserved: 2026-05-22T00:00:00.000Z

Link: CVE-2026-48690

Vulnrichment

Updated: 2026-05-26T21:01:16.360Z

NVD

Status : Analyzed

Published: 2026-05-26T17:16:53.547

Modified: 2026-05-27T14:34:09.873

Link: CVE-2026-48690

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T00:45:20Z

Weaknesses

CWE-122
Heap-based Buffer Overflow
CWE-190
Integer Overflow or Wraparound

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object