406 matches found
OESA-2026-2833 python-zeroconf security update
Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Security Fixes: readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against...
CVE-2026-10657
Zephyr's DNS resolver detects mDNS .local queries in dnsresolvenameinternal subsys/net/lib/dns/resolve.c with memcmpstrrchrquery, '.', ".local", 7, which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes e.g. names ending in .or...
CVE-2026-10657
The CVE-2026-10657 vulnerability affects Zephyr's DNS resolver when MDNS (CONFIG_MDNS_RESOLVER) is enabled. The code uses memcmp(strrchr(query, '.'), ".local", 7) to detect mDNS queries, reading a fixed 7 bytes from the suffix pointer. If the final label is shorter than 7 bytes (e.g., .org, .com,...
SUSE-SU-2026:22338-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2026-34933: reachable assertion in transportflagsfromdomain can crash the avahi-daemon bsc1261546. - CVE-2026-24401: unsolicited mDNS responses containing a recursive CNAME record can crash the avahi-daemon bsc1257235...
EulerOS 2.0 SP11 : avahi (EulerOS-SA-2026-2197)
According to the versions of the avahi packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below,...
EulerOS Virtualization 2.12.0 : avahi (EulerOS-SA-2026-2095)
According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and...
Linux Distros Unpatched Vulnerability : CVE-2026-5245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler...
JLSEC-2026-370 A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function...
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
SUSE-SU-2026:1441-1 Security update for avahi
This update for avahi fixes the following issue: - CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record bsc1257235...
Security update for avahi
This update for avahi fixes the following issue: CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record bsc1257235. Patch Instructions: To install this SUSE update use the SUSE recommended installation metho...
EUVD-2026-18183
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
CVE-2026-5245
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
CVE-2026-5245 Cesanta Mongoose mDNS Record mongoose.c handle_mdns_record stack-based overflow
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
CVE-2026-5245
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
CVE-2026-5245 Cesanta Mongoose mDNS Record mongoose.c handle_mdns_record stack-based overflow
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
CVE-2026-5245
Cesanta Mongoose up to 7.20 contains a stack-based buffer overflow in the function handle_mdns_record (mongoose.c, mDNS Record Handler) caused by manipulation of the buf argument. Remote exploitation is possible; the exploit is described as difficult with a high attack complexity. A fixed version...
CVE-2026-5245
A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...
Cesanta Mongoose 安全漏洞
Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WenSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...
Advisory ROSA-SA-2026-3245
software: avahi 0.8 WASP: ROSA-CHROME unaffected versions = avahi-0.8-12.git35bb1b.5 affected versions avahi-0.8-12.git35bb1b.5 CVE-ID: CVE-2026-24401 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Avahi avahi-daemon ≤ 0.9rc2 allows a remote attacker to cause a process crash DoS:...
CVE-2026-30871
A flaw was found in the OpenWrt mdns daemon. A remote attacker can exploit a Stack-based Buffer Overflow vulnerability in the parsequestion function by sending specially crafted DNS Domain Name System packets. These packets, specifically PTR Pointer Record queries for reverse DNS domains, can cau...