CVE-2024-56073
Description
An issue was discovered in FastNetMon Community Edition through 1.2.7. Zero-length templates for Netflow v9 allow remote attackers to cause a denial of service (divide-by-zero error and application crash).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
FastNetMon Community Edition through 1.2.7 crashes on divide-by-zero when processing zero-length Netflow v9 templates.
Vulnerability
FastNetMon Community Edition through version 1.2.7 contains a divide-by-zero vulnerability in its Netflow v9 template processing code. When a remote attacker sends a specially crafted Netflow v9 packet containing a data or options template with a zero-length field, the function process_netflow_v9_template or process_netflow_v9_options_template performs a division using the zero length as a divisor, causing a crash [2]. The issue resides in the handling of total_size and option_length values derived from the packet without proper validation [2][1].
Exploitation
An attacker with network access to the affected FastNetMon instance can send a crafted Netflow v9 packet that includes a zero-length data or options template. No authentication is required. The attacker triggers the vulnerable code path by setting the template length fields to zero, which leads to a division-by-zero error when the software attempts to iterate over or parse the template records [2]. The crash occurs immediately upon processing the malformed packet [2][1].
Impact
Successful exploitation results in a denial of service (DoS) due to a divide-by-zero error that crashes the FastNetMon application [2][1]. The attacker disrupts network monitoring functionality, preventing detection of anomalous traffic. No data exfiltration, elevation of privilege, or permanent system compromise is documented.
Mitigation
The vulnerability is fixed in commit a36718525e08ad0f2a809363001bf105efc5fe1c, which adds explicit checks for zero-length templates and returns false before the division occurs [2]. Users should upgrade to a version containing this commit or apply the patch manually. As of the 2024-12-15 publication date, no official newer release is mentioned; administrators should monitor the FastNetMon repository for a patched release [2]. No workaround is documented, and the CVE is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
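The kind of check described above, as an added C++ example that is not FastNetMon's code and does not reproduce it: a template whose fields sum to zero bytes is rejected before its size is ever used as a divisor. The helper names and the sample bytes are assumptions constructed for illustration; the template record layout follows RFC 3954.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// NetFlow v9 fields are in network byte order.
static uint16_t be16(const uint8_t* p) {
    return static_cast<uint16_t>((p[0] << 8) | p[1]);
}

// Hypothetical helper: walk one template record (template_id, field_count, then
// field_count pairs of type/length, per RFC 3954) and sum the field lengths.
// Returns false for a truncated record or one that describes zero bytes.
bool template_record_length(const uint8_t* buf, size_t len, uint32_t& total_size) {
    total_size = 0;
    if (len < 4) return false;                              // header missing
    const size_t field_count = be16(buf + 2);
    if (len - 4 < field_count * 4) return false;            // field list truncated
    for (size_t i = 0; i < field_count; ++i)
        total_size += be16(buf + 4 + i * 4 + 2);            // length half of the pair
    return total_size != 0;                                 // reject zero-length template
}

// Hypothetical helper: whole records in a data flowset payload. The divisor is
// checked first, so a zero total_size never reaches the division.
bool data_record_count(uint32_t total_size, size_t payload_len, size_t& count) {
    count = 0;
    if (total_size == 0) return false;
    count = payload_len / total_size;
    return true;
}

// Constructed samples: template 256 with fields of 4 and 2 bytes, and
// template 257 whose single field declares length 0.
static const uint8_t kGoodTemplate[] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x08, 0x00, 0x04,
                                        0x00, 0x07, 0x00, 0x02};
static const uint8_t kZeroTemplate[] = {0x01, 0x01, 0x00, 0x01, 0x00, 0x08, 0x00, 0x00};

int main() {
    uint32_t size = 0;
    size_t count = 0;
    bool ok = template_record_length(kGoodTemplate, sizeof kGoodTemplate, size);
    std::printf("good template: ok=%d record_size=%u\n", ok, static_cast<unsigned>(size));
    if (ok && data_record_count(size, 20, count))
        std::printf("records in 20-byte payload: %zu\n", count);
    ok = template_record_length(kZeroTemplate, sizeof kZeroTemplate, size);
    std::printf("zero-length template: ok=%d (dropped before any division)\n", ok);
    return 0;
}
```

Checking the divisor again in the record-count helper keeps the division safe even if a zero-size template reaches it through another path, such as a cached template.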
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- FastNetMon Community Edition/FastNetMon Community Edition
- Range: <=1.2.7