2484120 – (CVE-2026-48682) CVE-2026-48682 fastnetmon: FastNetMon: Information disclosure and denial of service in IPv4 packet parser

Bug 2484120 (CVE-2026-48682) - CVE-2026-48682 fastnetmon: FastNetMon: Information disclosure and denial of service in IPv4 packet parser

Summary: CVE-2026-48682 fastnetmon: FastNetMon: Information disclosure and denial of s...

Keywords:
Status:	NEW
Alias:	CVE-2026-48682
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2484334 2484335
Blocks:
TreeView+	depends on / blocked

Reported:	2026-06-02 20:02 UTC by OSIDB Bzimport
Modified:	2026-06-03 11:39 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-06-02 20:02:45 UTC

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4_header_t) bytes (20 bytes), the code advances the local_pointer by '4 * ipv4_header->get_ihl()' (line 164) without validating that (a) IHL >= 5 (the minimum valid value per RFC 791), or (b) 4 * IHL bytes are actually available in the packet. The IHL field is 4 bits, allowing values 0-15, so the advance can be 0-60 bytes. An IHL value of 15 with only 20 bytes validated causes a 40-byte over-read. An IHL of 0-4 causes the pointer to not advance past the IP header, resulting in the TCP/UDP header being parsed from IP header data (type confusion). This vulnerability is reachable via any packet capture interface.

Note You need to log in before you can comment on or make changes to this bug.