These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
FastNetMon Community Edition through 1.2.9 fails to validate TLS certificates on outbound HTTPS connections. The `execute_web_request_secure()` function in `src/fast_library.cpp` initializes a Boost.Asio SSL context with `tls_client` mode and loads CA certificates via `set_default_verify_paths()`, but omits the critical `set_verify_mode(boost::asio::ssl::verify_peer)` call. Without this verification mode, [truncated]
FastNetMon Community Edition through 1.2.9 contains a local symlink attack vulnerability stemming from insecure temporary file handling. The application defaults to writing statistics data to a predictable path at /tmp/fastnetmon.dat, which it opens with truncation semantics without symlink validation or O_NOFOLLOW protections. A secondary implementation error causes chmod operations to target a fixed pat [truncated]
FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memory_size_in_bytes as 'buffer_size_in_packets * (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr_t)) + sizeof(fastnetmon_pcap_file_header_t)' using unsigned int (32-bit) arithmetic. With max_captured_pac [truncated]
FastNetMon Community Edition through 1.2.9 exposes an unauthenticated gRPC API on TCP port 50052. The server uses grpc::InsecureServerCredentials() and implements no credential verification across RPC methods including ExecuteBan, ExecuteUnBan, GetBanlist, and GetTotalTrafficCounters. ExecuteBan and ExecuteUnBan trigger BGP route announcements and external script execution via popen(). An attacker with lo [truncated]
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugin/fastnetmon_juniper.php (lines 117-118) constructs shell commands by concatenating the $msg parameter directly into exec() calls: exec("echo `date` "- [FASTNETMON] - " . $msg . " " >> " . $FILE_LOG_TMP). The $msg variable contains unsa [truncated]
FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The vulnerability exists in decode_bgp_subnet_encoding_ipv4_raw() in src/bgp_protocol.cpp, where prefix_bit_length is read directly from BGP packets without validation that it is <= 32 for IPv4 prefixes. This unvalidated value propagates through how_much_bytes [truncated]
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds memory access vulnerability in its BGP path attribute parsing logic. The flaw resides in `parse_raw_bgp_attribute()` within `src/bgp_protocol.hpp`, where the function correctly identifies the extended length flag but fails to read the full 16-bit attribute length when this flag is set. Per RFC 4271 Section 4.3, extended length attributes [truncated]
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in its NetFlow v9 options template parser. The flaw exists in `process_netflow_v9_options_template()` within `src/netflow_plugin/netflow_v9_collector.cpp`. The scope parsing loop (lines 224-229) iterates using an attacker-controlled `option_scope_length` value without validating that `(zone_address + scopes_offset + si [truncated]