CVE-2026-48682 in FastNetMon Community Editionالمعلومات

الملخص

بحسب MITRE • 03/06/2026

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4_header_t) bytes (20 bytes), the code advances the local_pointer by '4 * ipv4_header->get_ihl()' (line 164) without validating that (a) IHL >= 5 (the minimum valid value per RFC 791), or (b) 4 * IHL bytes are actually available in the packet. The IHL field is 4 bits, allowing values 0-15, so the advance can be 0-60 bytes. An IHL value of 15 with only 20 bytes validated causes a 40-byte over-read. An IHL of 0-4 causes the pointer to not advance past the IP header, resulting in the TCP/UDP header being parsed from IP header data (type confusion). This vulnerability is reachable via any packet capture interface.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

MITRE

حجز

22/05/2026

إفشاء

03/06/2026

الاعتدال

تمت الموافقة

إدخال

VDB-368074

CPE

جاهز

CWE

CWE-125 (مؤكد)

CVSS

3.5 (VulDB)

EPSS

0.00017

KEV

لا

النشاطات

منخفض

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-48682
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-48682
CVE Details	https://www.cvedetails.com/cve/CVE-2026-48682/

التالي ▸نظرة عامة ◂ السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!