Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by python-zeroconf
CVE-2026-48487 (GCVE-0-2026-48487)
Vulnerability from nvd – Published: 2026-07-17 18:28 – Updated: 2026-07-17 18:28
VLAI
EPSS
VEX
Title
Zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet
Summary
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, _read_character_string and _read_string in src/zeroconf/_protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checking it against self._data_len, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to send a TXT, HINFO, or A/AAAA record with rdlength=65535 and seed DNSCache and ServiceInfo.properties with truncated, attacker-shaped key/value or address records. This issue is fixed in version 0.149.16.
Severity
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_CONFIRM |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| python-zeroconf | python-zeroconf |
Affected:
< 0.149.16
|
{
"containers": {
"cna": {
"affected": [
{
"product": "python-zeroconf",
"vendor": "python-zeroconf",
"versions": [
{
"status": "affected",
"version": "\u003c 0.149.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, _read_character_string and _read_string in src/zeroconf/_protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checking it against self._data_len, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to send a TXT, HINFO, or A/AAAA record with rdlength=65535 and seed DNSCache and ServiceInfo.properties with truncated, attacker-shaped key/value or address records. This issue is fixed in version 0.149.16."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130: Improper Handling of Length Parameter Inconsistency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T18:28:21.417Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-qc2x-6f54-m6h9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-qc2x-6f54-m6h9"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/issues/1752",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/issues/1752"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/pull/1756",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/pull/1756"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/commit/544449596e645fcaad3834fa0cb614a54f847a82",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/commit/544449596e645fcaad3834fa0cb614a54f847a82"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.16"
}
],
"source": {
"advisory": "GHSA-qc2x-6f54-m6h9",
"discovery": "UNKNOWN"
},
"title": "Zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48487",
"datePublished": "2026-07-17T18:28:21.417Z",
"dateReserved": "2026-05-21T15:33:08.291Z",
"dateUpdated": "2026-07-17T18:28:21.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48045 (GCVE-0-2026-48045)
Vulnerability from nvd – Published: 2026-07-17 18:26 – Updated: 2026-07-17 19:21
VLAI
EPSS
VEX
Title
Zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood
Summary
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handle_query_or_defer retained every truncated TC-bit incoming query, each up to _MAX_MSG_ABSOLUTE = 8966 bytes, in self._deferred[addr] and armed a per-address timer in self._timers[addr] without capping the per-address list or distinct addr keys, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to spoof sources, grow _deferred and _timers, and cause memory exhaustion and quadratic CPU burn. This issue is fixed in version 0.149.12.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_CONFIRM |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| python-zeroconf | python-zeroconf |
Affected:
< 0.149.12
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-17T19:21:32.304752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T19:21:38.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python-zeroconf",
"vendor": "python-zeroconf",
"versions": [
{
"status": "affected",
"version": "\u003c 0.149.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handle_query_or_defer retained every truncated TC-bit incoming query, each up to _MAX_MSG_ABSOLUTE = 8966 bytes, in self._deferred[addr] and armed a per-address timer in self._timers[addr] without capping the per-address list or distinct addr keys, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to spoof sources, grow _deferred and _timers, and cause memory exhaustion and quadratic CPU burn. This issue is fixed in version 0.149.12."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T18:26:19.274Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9663-mqmp-p9mm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9663-mqmp-p9mm"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/pull/1751",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/pull/1751"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/commit/b22c8ff19c66c68907d220a4823c0950f4fa93f7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/commit/b22c8ff19c66c68907d220a4823c0950f4fa93f7"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.12"
}
],
"source": {
"advisory": "GHSA-9663-mqmp-p9mm",
"discovery": "UNKNOWN"
},
"title": "Zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48045",
"datePublished": "2026-07-17T18:26:19.274Z",
"dateReserved": "2026-05-20T18:15:53.578Z",
"dateUpdated": "2026-07-17T19:21:38.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47184 (GCVE-0-2026-47184)
Vulnerability from nvd – Published: 2026-07-17 18:25 – Updated: 2026-07-17 18:25
VLAI
EPSS
VEX
Title
Zeroconf: Unbounded DNS record cache allows LAN-local memory exhaustion via multicast flood
Summary
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache._async_add inserted every response record into cache, _expirations, _expire_heap, and service_cache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to multicast valid mDNS responses with unique names and cause memory exhaustion, slower cache lookups, slower async_expire passes, and broken discovery, registration, and ServiceBrowser callbacks. This issue is fixed in version 0.149.7.
Severity
6.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_CONFIRM |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| python-zeroconf | python-zeroconf |
Affected:
< 0.149.7
|
{
"containers": {
"cna": {
"affected": [
{
"product": "python-zeroconf",
"vendor": "python-zeroconf",
"versions": [
{
"status": "affected",
"version": "\u003c 0.149.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache._async_add inserted every response record into cache, _expirations, _expire_heap, and service_cache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to multicast valid mDNS responses with unique names and cause memory exhaustion, slower cache lookups, slower async_expire passes, and broken discovery, registration, and ServiceBrowser callbacks. This issue is fixed in version 0.149.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T18:25:07.387Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-rfg2-pjw2-56x2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-rfg2-pjw2-56x2"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/issues/1715",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/issues/1715"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/pull/1718",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/pull/1718"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/commit/0ad3f37b5b852b8f614d322283d148efb2cef6e4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/commit/0ad3f37b5b852b8f614d322283d148efb2cef6e4"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.7"
}
],
"source": {
"advisory": "GHSA-rfg2-pjw2-56x2",
"discovery": "UNKNOWN"
},
"title": "Zeroconf: Unbounded DNS record cache allows LAN-local memory exhaustion via multicast flood"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-47184",
"datePublished": "2026-07-17T18:25:07.387Z",
"dateReserved": "2026-05-18T22:07:37.434Z",
"dateUpdated": "2026-07-17T18:25:07.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47183 (GCVE-0-2026-47183)
Vulnerability from nvd – Published: 2026-07-17 18:22 – Updated: 2026-07-17 23:15
VLAI
EPSS
VEX
Title
Zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
Summary
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods stored an unbounded _seen_logs dictionary keyed by attacker-influenced IncomingDecodeError messages, retaining sys.exc_info() tracebacks whose frame locals kept raw packet self.data buffers and allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to drive memory growth until mDNS-dependent features degrade or the process is OOM-killed. This issue is fixed in version 0.149.6.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_CONFIRM |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| python-zeroconf | python-zeroconf |
Affected:
< 0.149.6
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-17T21:08:53.994450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T23:15:36.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python-zeroconf",
"vendor": "python-zeroconf",
"versions": [
{
"status": "affected",
"version": "\u003c 0.149.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods stored an unbounded _seen_logs dictionary keyed by attacker-influenced IncomingDecodeError messages, retaining sys.exc_info() tracebacks whose frame locals kept raw packet self.data buffers and allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to drive memory growth until mDNS-dependent features degrade or the process is OOM-killed. This issue is fixed in version 0.149.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T18:22:59.803Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-phvx-9mgw-67r5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-phvx-9mgw-67r5"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/issues/1714",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/issues/1714"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/pull/1717",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/pull/1717"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/commit/95561e28b24922358f1991e38e3a86d70d72dcec",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/commit/95561e28b24922358f1991e38e3a86d70d72dcec"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.6"
}
],
"source": {
"advisory": "GHSA-phvx-9mgw-67r5",
"discovery": "UNKNOWN"
},
"title": "Zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-47183",
"datePublished": "2026-07-17T18:22:59.803Z",
"dateReserved": "2026-05-18T22:07:37.434Z",
"dateUpdated": "2026-07-17T23:15:36.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47180 (GCVE-0-2026-47180)
Vulnerability from nvd – Published: 2026-07-17 18:21 – Updated: 2026-07-17 19:21
VLAI
EPSS
VEX
Title
Zeroconf: Unbounded recursion in DNS compression-pointer decoder allows LAN-local denial of service
Summary
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming._decode_labels_at_offset recurses once per DNS-name compression pointer, and a single mDNS packet carrying chained pointers can trigger a RecursionError that escapes DNSIncoming.__init__, causing sustained CPU burn, log flooding, and degraded mDNS-dependent features for unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb). This issue is fixed in version 0.149.5.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_CONFIRM |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| python-zeroconf | python-zeroconf |
Affected:
< 0.149.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-17T19:21:22.892470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T19:21:29.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python-zeroconf",
"vendor": "python-zeroconf",
"versions": [
{
"status": "affected",
"version": "\u003c 0.149.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming._decode_labels_at_offset recurses once per DNS-name compression pointer, and a single mDNS packet carrying chained pointers can trigger a RecursionError that escapes DNSIncoming.__init__, causing sustained CPU burn, log flooding, and degraded mDNS-dependent features for unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb). This issue is fixed in version 0.149.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T18:21:25.199Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9pgc-3ccv-5297",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9pgc-3ccv-5297"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/pull/1719",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/pull/1719"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/commit/f9e23592137f30fdf7ef710dba065da31c79b1cf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/commit/f9e23592137f30fdf7ef710dba065da31c79b1cf"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.5"
}
],
"source": {
"advisory": "GHSA-9pgc-3ccv-5297",
"discovery": "UNKNOWN"
},
"title": "Zeroconf: Unbounded recursion in DNS compression-pointer decoder allows LAN-local denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-47180",
"datePublished": "2026-07-17T18:21:25.199Z",
"dateReserved": "2026-05-18T22:07:37.434Z",
"dateUpdated": "2026-07-17T19:21:29.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48487 (GCVE-0-2026-48487)
Vulnerability from cvelistv5 – Published: 2026-07-17 18:28 – Updated: 2026-07-17 18:28
VLAI
EPSS
VEX
Title
Zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet
Summary
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, _read_character_string and _read_string in src/zeroconf/_protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checking it against self._data_len, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to send a TXT, HINFO, or A/AAAA record with rdlength=65535 and seed DNSCache and ServiceInfo.properties with truncated, attacker-shaped key/value or address records. This issue is fixed in version 0.149.16.
Severity
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_CONFIRM |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| python-zeroconf | python-zeroconf |
Affected:
< 0.149.16
|
{
"containers": {
"cna": {
"affected": [
{
"product": "python-zeroconf",
"vendor": "python-zeroconf",
"versions": [
{
"status": "affected",
"version": "\u003c 0.149.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, _read_character_string and _read_string in src/zeroconf/_protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checking it against self._data_len, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to send a TXT, HINFO, or A/AAAA record with rdlength=65535 and seed DNSCache and ServiceInfo.properties with truncated, attacker-shaped key/value or address records. This issue is fixed in version 0.149.16."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130: Improper Handling of Length Parameter Inconsistency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T18:28:21.417Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-qc2x-6f54-m6h9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-qc2x-6f54-m6h9"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/issues/1752",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/issues/1752"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/pull/1756",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/pull/1756"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/commit/544449596e645fcaad3834fa0cb614a54f847a82",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/commit/544449596e645fcaad3834fa0cb614a54f847a82"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.16"
}
],
"source": {
"advisory": "GHSA-qc2x-6f54-m6h9",
"discovery": "UNKNOWN"
},
"title": "Zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48487",
"datePublished": "2026-07-17T18:28:21.417Z",
"dateReserved": "2026-05-21T15:33:08.291Z",
"dateUpdated": "2026-07-17T18:28:21.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48045 (GCVE-0-2026-48045)
Vulnerability from cvelistv5 – Published: 2026-07-17 18:26 – Updated: 2026-07-17 19:21
VLAI
EPSS
VEX
Title
Zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood
Summary
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handle_query_or_defer retained every truncated TC-bit incoming query, each up to _MAX_MSG_ABSOLUTE = 8966 bytes, in self._deferred[addr] and armed a per-address timer in self._timers[addr] without capping the per-address list or distinct addr keys, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to spoof sources, grow _deferred and _timers, and cause memory exhaustion and quadratic CPU burn. This issue is fixed in version 0.149.12.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_CONFIRM |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| python-zeroconf | python-zeroconf |
Affected:
< 0.149.12
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-17T19:21:32.304752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T19:21:38.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python-zeroconf",
"vendor": "python-zeroconf",
"versions": [
{
"status": "affected",
"version": "\u003c 0.149.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handle_query_or_defer retained every truncated TC-bit incoming query, each up to _MAX_MSG_ABSOLUTE = 8966 bytes, in self._deferred[addr] and armed a per-address timer in self._timers[addr] without capping the per-address list or distinct addr keys, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to spoof sources, grow _deferred and _timers, and cause memory exhaustion and quadratic CPU burn. This issue is fixed in version 0.149.12."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T18:26:19.274Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9663-mqmp-p9mm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9663-mqmp-p9mm"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/pull/1751",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/pull/1751"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/commit/b22c8ff19c66c68907d220a4823c0950f4fa93f7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/commit/b22c8ff19c66c68907d220a4823c0950f4fa93f7"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.12"
}
],
"source": {
"advisory": "GHSA-9663-mqmp-p9mm",
"discovery": "UNKNOWN"
},
"title": "Zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48045",
"datePublished": "2026-07-17T18:26:19.274Z",
"dateReserved": "2026-05-20T18:15:53.578Z",
"dateUpdated": "2026-07-17T19:21:38.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47184 (GCVE-0-2026-47184)
Vulnerability from cvelistv5 – Published: 2026-07-17 18:25 – Updated: 2026-07-17 18:25
VLAI
EPSS
VEX
Title
Zeroconf: Unbounded DNS record cache allows LAN-local memory exhaustion via multicast flood
Summary
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache._async_add inserted every response record into cache, _expirations, _expire_heap, and service_cache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to multicast valid mDNS responses with unique names and cause memory exhaustion, slower cache lookups, slower async_expire passes, and broken discovery, registration, and ServiceBrowser callbacks. This issue is fixed in version 0.149.7.
Severity
6.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_CONFIRM |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| python-zeroconf | python-zeroconf |
Affected:
< 0.149.7
|
{
"containers": {
"cna": {
"affected": [
{
"product": "python-zeroconf",
"vendor": "python-zeroconf",
"versions": [
{
"status": "affected",
"version": "\u003c 0.149.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache._async_add inserted every response record into cache, _expirations, _expire_heap, and service_cache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to multicast valid mDNS responses with unique names and cause memory exhaustion, slower cache lookups, slower async_expire passes, and broken discovery, registration, and ServiceBrowser callbacks. This issue is fixed in version 0.149.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T18:25:07.387Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-rfg2-pjw2-56x2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-rfg2-pjw2-56x2"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/issues/1715",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/issues/1715"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/pull/1718",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/pull/1718"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/commit/0ad3f37b5b852b8f614d322283d148efb2cef6e4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/commit/0ad3f37b5b852b8f614d322283d148efb2cef6e4"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.7"
}
],
"source": {
"advisory": "GHSA-rfg2-pjw2-56x2",
"discovery": "UNKNOWN"
},
"title": "Zeroconf: Unbounded DNS record cache allows LAN-local memory exhaustion via multicast flood"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-47184",
"datePublished": "2026-07-17T18:25:07.387Z",
"dateReserved": "2026-05-18T22:07:37.434Z",
"dateUpdated": "2026-07-17T18:25:07.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47183 (GCVE-0-2026-47183)
Vulnerability from cvelistv5 – Published: 2026-07-17 18:22 – Updated: 2026-07-17 23:15
VLAI
EPSS
VEX
Title
Zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
Summary
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods stored an unbounded _seen_logs dictionary keyed by attacker-influenced IncomingDecodeError messages, retaining sys.exc_info() tracebacks whose frame locals kept raw packet self.data buffers and allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to drive memory growth until mDNS-dependent features degrade or the process is OOM-killed. This issue is fixed in version 0.149.6.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_CONFIRM |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| python-zeroconf | python-zeroconf |
Affected:
< 0.149.6
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-17T21:08:53.994450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T23:15:36.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python-zeroconf",
"vendor": "python-zeroconf",
"versions": [
{
"status": "affected",
"version": "\u003c 0.149.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods stored an unbounded _seen_logs dictionary keyed by attacker-influenced IncomingDecodeError messages, retaining sys.exc_info() tracebacks whose frame locals kept raw packet self.data buffers and allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to drive memory growth until mDNS-dependent features degrade or the process is OOM-killed. This issue is fixed in version 0.149.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T18:22:59.803Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-phvx-9mgw-67r5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-phvx-9mgw-67r5"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/issues/1714",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/issues/1714"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/pull/1717",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/pull/1717"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/commit/95561e28b24922358f1991e38e3a86d70d72dcec",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/commit/95561e28b24922358f1991e38e3a86d70d72dcec"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.6"
}
],
"source": {
"advisory": "GHSA-phvx-9mgw-67r5",
"discovery": "UNKNOWN"
},
"title": "Zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-47183",
"datePublished": "2026-07-17T18:22:59.803Z",
"dateReserved": "2026-05-18T22:07:37.434Z",
"dateUpdated": "2026-07-17T23:15:36.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47180 (GCVE-0-2026-47180)
Vulnerability from cvelistv5 – Published: 2026-07-17 18:21 – Updated: 2026-07-17 19:21
VLAI
EPSS
VEX
Title
Zeroconf: Unbounded recursion in DNS compression-pointer decoder allows LAN-local denial of service
Summary
Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming._decode_labels_at_offset recurses once per DNS-name compression pointer, and a single mDNS packet carrying chained pointers can trigger a RecursionError that escapes DNSIncoming.__init__, causing sustained CPU burn, log flooding, and degraded mDNS-dependent features for unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb). This issue is fixed in version 0.149.5.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_CONFIRM |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
| https://github.com/python-zeroconf/python-zerocon… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| python-zeroconf | python-zeroconf |
Affected:
< 0.149.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-17T19:21:22.892470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T19:21:29.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python-zeroconf",
"vendor": "python-zeroconf",
"versions": [
{
"status": "affected",
"version": "\u003c 0.149.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming._decode_labels_at_offset recurses once per DNS-name compression pointer, and a single mDNS packet carrying chained pointers can trigger a RecursionError that escapes DNSIncoming.__init__, causing sustained CPU burn, log flooding, and degraded mDNS-dependent features for unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb). This issue is fixed in version 0.149.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T18:21:25.199Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9pgc-3ccv-5297",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9pgc-3ccv-5297"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/pull/1719",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/pull/1719"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/commit/f9e23592137f30fdf7ef710dba065da31c79b1cf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/commit/f9e23592137f30fdf7ef710dba065da31c79b1cf"
},
{
"name": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.5"
}
],
"source": {
"advisory": "GHSA-9pgc-3ccv-5297",
"discovery": "UNKNOWN"
},
"title": "Zeroconf: Unbounded recursion in DNS compression-pointer decoder allows LAN-local denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-47180",
"datePublished": "2026-07-17T18:21:25.199Z",
"dateReserved": "2026-05-18T22:07:37.434Z",
"dateUpdated": "2026-07-17T19:21:29.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}