CVE-2026-48682
Description
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4_header_t) bytes (20 bytes), the code advances the local_pointer by '4 * ipv4_header->get_ihl()' (line 164) without validating that (a) IHL >= 5 (the minimum valid value per RFC 791), or (b) 4 * IHL bytes are actually available in the packet. The IHL field is 4 bits, allowing values 0-15, so the advance can be 0-60 bytes. An IHL value of 15 with only 20 bytes validated causes a 40-byte over-read. An IHL of 0-4 causes the pointer to not advance past the IP header, resulting in the TCP/UDP header being parsed from IP header data (type confusion). This vulnerability is reachable via any packet capture interface.
Affected products
- Range: <=1.2.9
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The IPv4 packet parser does not validate the IHL field sufficiently before advancing a pointer, leading to out-of-bounds reads and potential type confusion."
Attack vector
An attacker can trigger this vulnerability by sending specially crafted IPv4 packets to a packet capture interface monitored by FastNetMon Community Edition. The vulnerability lies within the IPv4 parser in `src/simple_packet_parser_ng.cpp`. By manipulating the Internet Header Length (IHL) field, an attacker can cause the parser to read beyond the bounds of the validated packet data. This can lead to denial of service, information disclosure, or type confusion if downstream parsers are affected [ref_id=1].
Affected code
The vulnerability exists in `src/simple_packet_parser_ng.cpp`, specifically between lines 130 and 164. The code advances a local pointer by `4 * ipv4_header->get_ihl()` without validating that the IHL value is at least 5 or that sufficient bytes are available in the packet [ref_id=1].
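The two checks the description says are missing, written out as an added example. This is not FastNetMon's code and not a vendor patch; `check_ipv4_header`, `check_sample` and the `ipv4_check` enum are hypothetical names, and `len` is assumed to be the number of captured bytes starting at the IPv4 header.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical result codes for this example (not FastNetMon identifiers).
enum class ipv4_check { ok, too_short, not_ipv4, ihl_below_minimum, ihl_exceeds_packet };

// Validates the IPv4 header length before any pointer is advanced.
// On success *l4_offset is the offset at which the TCP/UDP header starts.
ipv4_check check_ipv4_header(const std::uint8_t* pkt, std::size_t len, std::size_t* l4_offset) {
    constexpr std::size_t kFixedHeader = 20; // sizeof the fixed IPv4 header (IHL == 5)
    if (pkt == nullptr || len < kFixedHeader) return ipv4_check::too_short;

    const std::uint8_t version = pkt[0] >> 4;
    const std::uint8_t ihl = pkt[0] & 0x0F; // 4-bit field, values 0..15
    if (version != 4) return ipv4_check::not_ipv4;

    // (a) RFC 791 minimum: IHL 0..4 would leave the pointer inside the IP
    //     header, so the transport header would be parsed from IP header bytes.
    if (ihl < 5) return ipv4_check::ihl_below_minimum;

    // (b) 4 * IHL bytes (up to 60) must really be present, not only the first 20.
    const std::size_t header_len = 4u * ihl;
    if (header_len > len) return ipv4_check::ihl_exceeds_packet;

    *l4_offset = header_len;
    return ipv4_check::ok;
}

// Constructed sample input: a zeroed 60-byte buffer whose version/IHL byte and
// claimed capture length are chosen by the caller.
ipv4_check check_sample(std::uint8_t version_ihl, std::size_t captured_len, std::size_t* off) {
    std::uint8_t buf[60] = {0};
    buf[0] = version_ihl;
    return check_ipv4_header(buf, captured_len, off);
}

int main() {
    const std::uint8_t first_bytes[] = {0x45, 0x4F, 0x40, 0x44};
    for (std::uint8_t b : first_bytes) {
        std::size_t off = 0;
        const ipv4_check r = check_sample(b, 20, &off); // only 20 bytes captured
        std::printf("version/IHL=0x%02X -> result=%d offset=%zu\n",
                    static_cast<unsigned>(b), static_cast<int>(r), off);
    }
    return 0;
}
```

With 20 captured bytes only the IHL = 5 header is accepted; IHL = 15 is rejected by check (b) and IHL = 0 or 4 by check (a).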
What the fix does
The advisory does not specify a patch or provide details on a fix. It states that as of May 23, 2026, no vendor response or fix has been released. Operators are advised to treat the parser as untrusted and apply mitigations described in the advisory [ref_id=1].
Preconditions
- input: Specially crafted IPv4 packets with a manipulated IHL field.
- network: The FastNetMon Community Edition must be listening on a packet capture interface.
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References