208 matches found
OESA-2026-2832 python-zeroconf security update
Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Security Fixes: readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against...
CVE-2026-10657
Zephyr's DNS resolver detects mDNS .local queries in dnsresolvenameinternal subsys/net/lib/dns/resolve.c with memcmpstrrchrquery, '.', ".local", 7, which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes e.g. names ending in .or...
CVE-2026-10657 Out-of-bounds read in Zephyr DNS resolver mDNS suffix check (memcmp past string NUL)
Zephyr's DNS resolver detects mDNS .local queries in dnsresolvenameinternal subsys/net/lib/dns/resolve.c with memcmpstrrchrquery, '.', ".local", 7, which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes e.g. names ending in .or...
CVE-2026-10657 Out-of-bounds read in Zephyr DNS resolver mDNS suffix check (memcmp past string NUL)
Zephyr's DNS resolver detects mDNS .local queries in dnsresolvenameinternal subsys/net/lib/dns/resolve.c with memcmpstrrchrquery, '.', ".local", 7, which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes e.g. names ending in .or...
CVE-2026-10657 Out-of-bounds read in Zephyr DNS resolver mDNS suffix check (memcmp past string NUL)
Zephyr's DNS resolver detects mDNS .local queries in dnsresolvenameinternal subsys/net/lib/dns/resolve.c with memcmpstrrchrquery, '.', ".local", 7, which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes e.g. names ending in .or...
PT-2026-55829
Name of the Vulnerable Software and Affected Versions Zephyr versions 1.10.0 through 3.7.0 Description The DNS resolver contains a flaw in the dns resolve name internal function within subsys/net/lib/dns/resolve.c when CONFIG MDNS RESOLVER is enabled. The system uses memcmp to detect mDNS .local...
GHSA-QC2X-6F54-M6H9 zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet
Impact readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against self.datalen. Python's slice silently returns fewer bytes when the end index runs past the...
Improper Handling of Length Parameter Inconsistency
Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency via the readcharacterstring and readstring functions. An attacker can inject malicious...
OPENSUSE-SU-2026:21014-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2026-34933: reachable assertion in transportflagsfromdomain can crash the avahi-daemon bsc1261546. - CVE-2026-24401: unsolicited mDNS responses containing a recursive CNAME record can crash the avahi-daemon bsc1257235...
SUSE-SU-2026:22338-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2026-34933: reachable assertion in transportflagsfromdomain can crash the avahi-daemon bsc1261546. - CVE-2026-24401: unsolicited mDNS responses containing a recursive CNAME record can crash the avahi-daemon bsc1257235...
Allocation of Resources Without Limits or Throttling
Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the AsyncListener.handlequeryordefer function. An attacker can exhaust system memory and...
GHSA-9663-MQMP-P9MM python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood
Impact AsyncListener.handlequeryordefer retained every truncated TC-bit incoming query in self.deferredaddr and armed a per-addr timer in self.timersaddr that flushed the reassembled query within 500 ms RFC 6762 §18.5. Neither the per-addr list nor the number of distinct addr keys was capped, and...
PT-2026-48689
Name of the Vulnerable Software and Affected Versions zeroconf versions prior to 0.149.12 Description An unauthenticated host on the local link can cause a denial of service by streaming byte-distinct mDNS queries with the TC-bit truncation flag set to the AsyncListener.handle query or defer...
EulerOS 2.0 SP13 : avahi (EulerOS-SA-2026-2321)
According to the versions of the avahi packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any...
EulerOS 2.0 SP11 : avahi (EulerOS-SA-2026-2235)
According to the versions of the avahi packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below,...
EulerOS Virtualization 2.10.0 : avahi (EulerOS-SA-2026-2042)
According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, ...
Allocation of Resources Without Limits or Throttling
Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the DNSCache.asyncadd. Any unauthenticated host on the local link can exhaust system...
GHSA-PHVX-9MGW-67R5 zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
Impact DNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dict keyed by strsys.excinfo1. The seven IncomingDecodeError messages raised from readname / decodelabelsatoffset RFC 6762 §18 name-decoding error paths all embed self.source — the...
Allocation of Resources Without Limits or Throttling
Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the DNSIncoming.logexceptiondebug function and the exception-deduplication, which stores...
Uncontrolled Recursion
Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Uncontrolled Recursion via the DNSIncoming.decodelabelsatoffset function. An attacker can cause excessive CPU consumption and log flooding by...