25 matches found
CVE-2026-47180
CVE-2026-47180 affects the Zeroconf Python library. The vulnerability stems from DNSIncoming._decode_labels_at_offset recursing for each DNS-name compression pointer; a crafted mDNS packet with ~1500 chained pointers can cause unbounded recursion, escaping DNSIncoming.init and triggering sustaine...
PYSEC-2026-3436 zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service
Impact DNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer RFC 1035 §4.1.4. Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single 3 kB mDNS packet carrying 1500 chained pointers drives the recursion past CPython'...
UBUNTU-CVE-2026-14461
mtr is vulnerable to Out-of-bound read vulnerability in ipinfolookup function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME...
CVE-2026-14461 Out-of-bound read in mtr
mtr is vulnerable to Out-of-bound read vulnerability in ipinfolookup function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME...
CVE-2026-14461
The CVE-2026-14461 entry affects mtr up to version 0.96, where ipinfo_lookup() performs DNS AS lookups and can be triggered by a TXT response larger than 512 bytes with a crafted compression pointer, causing an out-of-bounds read. The function uses the response length as the end-of-message bounda...
CVE-2026-14461 Out-of-bound read in mtr
mtr is vulnerable to Out-of-bound read vulnerability in ipinfolookup function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME...
OPENSUSE-SU-2026:21175-1 Security update for python-zeroconf
This update for python-zeroconf fixes the following issues: Changes in python-zeroconf: - CVE-2026-47180: zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service bsc1268341 - CVE-2026-47183: zeroconf: Unbounded exception-dedup state retains pack...
EUVD-2017-18042
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-9104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered. CVE-2017-9104 Note that Nessus relies on the...
SUSE CVE-2011-4315
Heap-based buffer overflow in compression-pointer processing in core/ngxresolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service daemon crash or possibly have unspecified other impact via a long response...
SUSE CVE-2017-9104
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered...
CVE-2017-9104
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered...
CVE-2020-25767
CVE-2020-25767 affects HCC Embedded InterNiche/NicheStack (IPv4) prior to 4.3. The root cause is in the dnc_copy_in DNS domain name parser, which fails to validate that compression pointers stay within packet bounds, enabling an out-of-bounds read and potential DoS via crafted DNS data. Affected ...
CVE-2017-9104
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered...
CVE-2017-9104
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered...
DEBIAN-CVE-2017-9104
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered...
UBUNTU-CVE-2017-9104
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered...
PT-2020-8502 · Adns +2 · Adns +2
Name of the Vulnerable Software and Affected Versions: adns versions prior to 1.5.2 Description: An issue was discovered in adns where it hangs and consumes CPU resources if a compression pointer loop is encountered. Recommendations: For versions prior to 1.5.2, update to version 1.5.2 or later t...
CVE-2020-6071
An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can...
CVE-2020-6071
An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can...