9 matches found
zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
Impact DNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dict keyed by strsys.excinfo1. The seven IncomingDecodeError messages raised from readname / decodelabelsatoffset RFC 6762 §18 name-decoding error paths all embed self.source — the...
PT-2026-45026
Name of the Vulnerable Software and Affected Versions zeroconf versions prior to 0.149.6 Description An unauthenticated host on the local link can send multicast mDNS responses with unique names to the DNSCache. async add function, causing records to accumulate in cache, expirations, expire heap,...
PT-2026-45024
Name of the Vulnerable Software and Affected Versions zeroconf versions prior to 0.149.5 Description An unauthenticated host on the local link can degrade the mDNS listener by sending a specially crafted mDNS packet. The DNSIncoming. decode labels at offset function recurses for each DNS-name...
CVE-2026-30871 OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parsequestion function. The issue is triggered by PTR queries for reverse DNS domains .in-addr.arpa and .ip6.arp...
CVE-2026-20067 Multiple Cisco Products Snort 3 TBD Denial of Service Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete error checking...
mDNS Service Public WAN (Internet) Accessible
The script checks if the target host is exposing a service supporting the Multicast DNS mDNS protocol to a Public WAN Internet. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
UBUNTU-CVE-2020-6077
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result ...
Xiaomi AI Speaker-mDNS service suffers from denial of service vulnerability
Xiaomi AI Speaker is a smart speaker product from Xiaomi. A denial of service vulnerability exists in the Xiaomi AI Speaker-mDNS service. The vulnerability is caused by the program service failing to adequately determine malformed messages when parsing request messages, causing the parsing thread...
Heap corruption vulnerability in Xiaomi AI Speaker-mDNS service
Xiaomi AI Speaker is a smart speaker product from Xiaomi. A heap corruption vulnerability exists in the Xiaomi AI Speaker-mDNS service. The vulnerability is due to the program service in the parsing of the request message there is a boundary check is not strict, resulting in the arbitrary write o...