FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr, memcpy_from_object_ptr) use an incorrect bounds check of the form 'if (offset + length > maximum_internal_storage_size + 1)' instead of the [truncated]
FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the BGP AS_PATH attribute encoder. The vulnerability exists in src/bgp_protocol.hpp within the IPv4UnicastAnnounce::get_attributes() function. The code computes attribute_length as 'sizeof(bgp_as_path_segment_element_t) + this->as_path_asns.size() * sizeof(uint32_t)' and stores this value in a uint8_t field. Since uin [truncated]
CVE-2026-48688 documents multiple out-of-bounds read vulnerabilities in FastNetMon Community Edition through version 1.2.9, specifically within the BGP MP_REACH_NLRI IPv6 attribute decoder. The vulnerability resides in the `decode_mp_reach_ipv6()` function in `src/bgp_protocol.cpp`, where insufficient bounds validation allows attacker-controlled input to drive memory read operations beyond allocated buffe [truncated]
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in its NetFlow v9 data flowset processor. The vulnerability exists in src/netflow_plugin/netflow_v9_collector.cpp, where the Data template branch (lines 1695-1702) iterates over flow records without performing per-iteration bounds checks against the packet end pointer. In contrast, the Options template branch (lines 17 [truncated]