CVE-2026-48684
Publication date 26 May 2026
Last updated 27 May 2026
Ubuntu priority
Description
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In process_netflow_v9_options_template() (src/netflow_plugin/netflow_v9_collector.cpp), the scope parsing loop (lines 224-229) iterates until scopes_offset reaches the attacker-controlled option_scope_length value, reading netflow9_template_flowset_record_t structures at each step. No bounds check validates that (zone_address + scopes_offset + sizeof(record)) stays within the flowset. The same issue affects the options field loop (lines 241-257) with option_length. Furthermore, option_scope_length is not validated to be a multiple of sizeof(netflow9_template_flowset_record_t), potentially causing misaligned reads. An attacker can trigger reads past the end of the UDP packet buffer.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| fastnetmon | 26.04 LTS resolute |
Needs evaluation
|
| 25.10 questing |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.5 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2026-48684
- https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48684-netflow-v9-options-oob
- https://github.com/pavel-odintsov/fastnetmon/commit/aa1069abaa8624e50b5d0c6c8ccd0f5d9ddc111e
- https://github.com/pavel-odintsov/fastnetmon/pull/1057
- https://github.com/pavel-odintsov/fastnetmon
- https://github.com/pavel-odintsov/fastnetmon/blob/master/src/netflow_plugin/netflow_v9_collector.cpp