5 matches found
OESA-2026-2833 python-zeroconf security update
Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Security Fixes: readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against...
OESA-2026-2832 python-zeroconf security update
Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Security Fixes: readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against...
OPENSUSE-SU-2026:11036-1 python311-zeroconf-0.149.16-1.1 on GA media
These are all security issues fixed in the python311-zeroconf-0.149.16-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-49728
Name of the Vulnerable Software and Affected Versions zeroconf versions prior to 0.149.16 Description An issue exists where the functions read character string and read string in src/zeroconf/ protocol/incoming.py advance the self.offset by a declared length without verifying it against self. dat...
GHSA-9663-MQMP-P9MM python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood
Impact AsyncListener.handlequeryordefer retained every truncated TC-bit incoming query in self.deferredaddr and armed a per-addr timer in self.timersaddr that flushed the reassembled query within 500 ms RFC 6762 §18.5. Neither the per-addr list nor the number of distinct addr keys was capped, and...