CVE-2026-48682

説明

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4_header_t) bytes (20 bytes), the code advances the local_pointer by '4 * ipv4_header->get_ihl()' (line 164) without validating that (a) IHL >= 5 (the minimum valid value per RFC 791), or (b) 4 * IHL bytes are actually available in the packet. The IHL field is 4 bits, allowing values 0-15, so the advance can be 0-60 bytes. An IHL value of 15 with only 20 bytes validated causes a 40-byte over-read. An IHL of 0-4 causes the pointer to not advance past the IP header, resulting in the TCP/UDP header being parsed from IP header data (type confusion). This vulnerability is reachable via any packet capture interface.

参照情報

NVDが列挙した参照URLを、リンクのホスト・パターンに対する機械的な一致でグループ化したもの。ラベルはリンクの種別のみを示します。

• 参照 https://github.com/pavel-odintsov/fastnetmon
• 参照 https://github.com/pavel-odintsov/fastnetmon/blob/master/src/simple_packet_parser_ng.cpp
• 参照 https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48682-ipv4-parser-oob