DEBIAN-CVE-2026-48691

FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP ASPATH attribute encoder. In src/bgpprotocol.hpp, the IPv4UnicastAnnounce::getattributes() function computes attributelength as 'sizeof(bgpaspathsegmentelementt) + this->aspathasns.size()  sizeof(uint32t)' and stores it in a uint8t field (line 600-605). Since uint8t can only hold values 0-255, an ASPATH containing more than 63 ASNs (2 + 644 = 258 > 255) causes silent truncation. The truncated length is used for buffer sizing, while the actual data written is the full untruncated amount, resulting in a heap buffer overflow. Similarly, the pathsegmentlength field at line 621 is also uint8t, truncating with more than 255 ASNs.