GHSA-9PGC-3CCV-5297 zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service

Impact DNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer RFC 1035 §4.1.4. Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single 3 kB mDNS packet carrying 1500 chained pointers drives the recursion past CPython'...

Important: python-twisted

Issue Overview: The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasse...

OESA-2026-2369 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: A denial of service vulnerability exists in Twisted framework when handling DNS compression pointer chain...

OESA-2026-2368 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: A denial of service vulnerability exists in Twisted framework when handling DNS compression pointer chain...

OESA-2026-2367 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: A denial of service vulnerability exists in Twisted framework when handling DNS compression pointer chain...

CVE-2026-42304

The CVE-2026-42304 issue affects Twisted (twisted.names) up to version 26.4.0rc2. Root cause: the DNS name decoder in twisted.names.dns.Name.decode lacks a limit on pointer dereferences per DNS message, and the per-question visited state can reset, enabling an attacker to craft TCP DNS packets wi...

Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains

Details The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previo...

PT-2026-37262

Name of the Vulnerable Software and Affected Versions Twisted versions prior to 26.4.0 Description The twisted.names module is susceptible to a Denial of Service DoS attack caused by resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can send a specially crafted...

EUVD-2024-52826

Malicious code in bioql PyPI...

CVE-2024-55628

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log...

CVE-2024-55628 Suricata oversized resource names utilizing DNS name compression can lead to resource starvation

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log...

Suricata 安全漏洞

Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A security vulnerability exists in Suricata versions prior to 7.0.8 that stems from the fact that DNS resource name compression may result in small DNS messages containing very large contained hostnames...

SUSE CVE-2005-0038

The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop...

CVE-2020-25767

An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnccopyin routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet e.g., forward compression pointer jumps are allowed, which leads to an Out-of-bounds...

How the NAME:WRECK Bugs Impact Consumers, Businesses

Researchers estimate more than 100 million internet-connected devices are vulnerable to a class of flaws dubbed NAME:WRECK. Devices ranging from smartphones, aircraft navigation systems and industrial internet of things IIoT endpoints are vulnerable to either a denial-of-service DoS or remote...

GLSA-201204-02 : InspIRCd: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201204-02 InspIRCd: Arbitrary code execution A vulnerability in InspIRCd allows DNS compression features to control the number of overflowed bytes sent to the heap-based buffer 'res' in dns.cpp. Impact : A remote attacker could se...

InspIRCd: Arbitrary code execution

Background InspIRCd Inspire IRCd is a modular C++ IRC daemon Description A vulnerability in InspIRCd allows DNS compression features to control the number of overflowed bytes sent to the heap-based buffer "res" in dns.cpp. Impact A remote attacker could send specially crafted DNS responses,...

Microsoft DNS Server Internal Hostname Disclosure Detection

Microsoft DNS server might be prone to an internal hostname disclosure. SPDX-FileCopyrightText: 2009 Tim Brown Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...