Lucene search
+L

100 matches found

NVD
NVD
added 4 hours ago3 views

CVE-2026-47184

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 224.0.0.251 / ff02::f...

6.5CVSS0.00023EPSS
Exploits0References5
NVD
NVD
added 4 hours ago3 views

CVE-2026-48045

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handlequeryordefer retained every truncated TC-bit incoming query, each up to MAXMSGABSOLUTE = 8966 bytes, in self.deferredaddr and armed a per-address timer in self.timersaddr without...

6.5CVSS0.00018EPSS
Exploits0References4
NVD
NVD
added 4 hours ago2 views

CVE-2026-47183

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dictionary keyed by attacker-influenced IncomingDecodeError messages, retaining sys.excinfo...

6.5CVSS0.0002EPSS
Exploits0References5
NVD
NVD
added 4 hours ago3 views

CVE-2026-48487

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, readcharacterstring and readstring in src/zeroconf/protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checking it against self.datalen, allowing unauthenticated hosts on th...

5.3CVSS
Exploits0References5
NVD
NVD
added 4 hours ago3 views

CVE-2026-47180

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer, and a single mDNS packet carrying chained pointers can trigger a RecursionError that escapes DNSIncoming.init, causing...

6.5CVSS0.0002EPSS
Exploits0References4
CVE
CVE
added 4 hours ago16 views

CVE-2026-48487

CVE-2026-48487 (python-zeroconf) : Prior to 0.149.16, _read_character_string and _read_string in zeroconf’s incoming protocol could advance the parser past the end of the payload by using attacker-declared RDLENGTH without checking against data length, enabling unauthenticated LAN-local hosts on ...

5.3CVSS5.2AI score
Exploits0References5
Cvelist
Cvelist
added 4 hours ago7 views

CVE-2026-48487 Zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, readcharacterstring and readstring in src/zeroconf/protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checking it against self.datalen, allowing unauthenticated hosts on th...

5.3CVSS
Exploits0References5
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-48045 Zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handlequeryordefer retained every truncated TC-bit incoming query, each up to MAXMSGABSOLUTE = 8966 bytes, in self.deferredaddr and armed a per-address timer in self.timersaddr without...

6.5CVSS5.2AI score0.00018EPSS
Exploits0References4
Cvelist
Cvelist
added 4 hours ago10 views

CVE-2026-48045 Zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handlequeryordefer retained every truncated TC-bit incoming query, each up to MAXMSGABSOLUTE = 8966 bytes, in self.deferredaddr and armed a per-address timer in self.timersaddr without...

6.5CVSS0.00018EPSS
Exploits0References4
CVE
CVE
added 4 hours ago22 views

CVE-2026-48045

The CVE-2026-48045 issue affects python-zeroconf (Zeroconf Pure Python) where AsyncListener.handle_query_or_defer retains every truncated TC-bit mDNS query per source in self._deferred[addr] and arms per-address timers in self._timers[addr]. This unbounded queue growth on LAN-local hosts (UDP/535...

6.5CVSS5.2AI score0.00018EPSS
Exploits0References4
CVE
CVE
added 4 hours ago21 views

CVE-2026-47184

CVE-2026-47184 affects the python-zeroconf project. DNSCache._async_add can insert every response record into cache, expirations, expire_heap, and service_cache without a cap, enabling unauthenticated LAN hosts on UDP/5353 (224.0.0.251 / ff02::fb) to multicast valid mDNS responses with unique nam...

6.5CVSS5.2AI score0.00023EPSS
Exploits0References5
CVE
CVE
added 4 hours ago25 views

CVE-2026-47183

CVE-2026-47183 - zeroconf (python-zeroconf) : Affected versions prior to 0.149.6 store an unbounded in-memory log of exceptions in DNSIncoming._log_exception_debug and QuietLogger dedup, retaining frame locals with raw packet data. This enables any unauthenticated LAN host on UDP/5353 (224.0.0.25...

6.5CVSS5.2AI score0.0002EPSS
Exploits0References5
Cvelist
Cvelist
added 4 hours ago8 views

CVE-2026-47183 Zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dictionary keyed by attacker-influenced IncomingDecodeError messages, retaining sys.excinfo...

6.5CVSS0.0002EPSS
Exploits0References5
Cvelist
Cvelist
added 4 hours ago9 views

CVE-2026-47180 Zeroconf: Unbounded recursion in DNS compression-pointer decoder allows LAN-local denial of service

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer, and a single mDNS packet carrying chained pointers can trigger a RecursionError that escapes DNSIncoming.init, causing...

6.5CVSS0.0002EPSS
Exploits0References4
CVE
CVE
added 4 hours ago29 views

CVE-2026-47180

CVE-2026-47180 affects the Zeroconf Python library. The vulnerability stems from DNSIncoming._decode_labels_at_offset recursing for each DNS-name compression pointer; a crafted mDNS packet with ~1500 chained pointers can cause unbounded recursion, escaping DNSIncoming.init and triggering sustaine...

6.5CVSS5.2AI score0.0002EPSS
Exploits0References4
PyPA
PyPA
added 4 days ago8 views

zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet

Impactreadcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against self.datalen. Python's slice silently returns fewer bytes when the end index runs past the...

7.1CVSS6.1AI score
Exploits0References7Affected Software1
OSV
OSV
added 4 days ago6 views

PYSEC-2026-3438 zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet

Impact readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against self.datalen. Python's slice silently returns fewer bytes when the end index runs past the...

7.1CVSS6.1AI score
Exploits0References7
PyPA
PyPA
added 4 days ago9 views

python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

ImpactAsyncListener.handlequeryordefer retained every truncated TC-bit incoming query in self.deferredaddr and armed a per-addr timer in self.timersaddr that flushed the reassembled query within 500 ms RFC 6762 §18.5. Neither the per-addr list nor the number of distinct addr keys was capped, and...

6.5CVSS6.1AI score0.00018EPSS
Exploits0References7Affected Software1
OSV
OSV
added 4 days ago4 views

PYSEC-2026-3435 python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

Impact AsyncListener.handlequeryordefer retained every truncated TC-bit incoming query in self.deferredaddr and armed a per-addr timer in self.timersaddr that flushed the reassembled query within 500 ms RFC 6762 §18.5. Neither the per-addr list nor the number of distinct addr keys was capped, and...

6.5CVSS6.1AI score0.00018EPSS
Exploits0References7
PyPA
PyPA
added 4 days ago8 views

zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood

ImpactDNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNSPTRMINTTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a periodic...

6.5CVSS6.1AI score0.00023EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder