56 matches found
PT-2026-49728
Name of the Vulnerable Software and Affected Versions zeroconf versions prior to 0.149.16 Description An issue exists where the functions read character string and read string in src/zeroconf/ protocol/incoming.py advance the self.offset by a declared length without verifying it against self. dat...
Allocation of Resources Without Limits or Throttling
Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the AsyncListener.handlequeryordefer function. An attacker can exhaust system memory and...
GHSA-9663-MQMP-P9MM python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood
Impact AsyncListener.handlequeryordefer retained every truncated TC-bit incoming query in self.deferredaddr and armed a per-addr timer in self.timersaddr that flushed the reassembled query within 500 ms RFC 6762 §18.5. Neither the per-addr list nor the number of distinct addr keys was capped, and...
PT-2026-48689
Impact AsyncListener.handle query or defer retained every truncated TC-bit incoming query in self. deferredaddr and armed a per-addr timer in self. timersaddr that flushed the reassembled query within 500 ms RFC 6762 §18.5. Neither the per-addr list nor the number of distinct addr keys was capped...
a2a-lite (>=0.1.0 <=0.2.2), adb-connect-qr (>=0.1.0 <=0.1.3) +582 more potentially affected by CVE-2026-47184 via zeroconf (>=0.102.0 <=0.149.3)
zeroconf PYPI version =0.102.0, =0.1.0, =0.1.0, =0.1.0, =1.0.2, =1.0.1, =0.0.1, =1.4.8, =2.6.28, =0.7.1, =0.0.1, =1.7.0, =0.2.38, =3.2.20 and more Source cves: CVE-2026-47184 Source advisory: SNYK:PYTHON-ZEROCONF-17111094...
a2a-lite (>=0.1.0 <=0.2.2), adb-connect-qr (>=0.1.0 <=0.1.3) +556 more potentially affected by CVE-2026-47184 via zeroconf (>=0.140.1 <=0.149.3)
zeroconf PYPI version =0.140.1, =0.1.0, =0.1.0, =0.1.0, =1.0.2, =1.0.1, =0.0.1, =1.4.8, =2.6.28, =0.7.1, =0.0.1, =1.7.0, =0.2.38, =3.2.20 and more Source cves: CVE-2026-47184 Source advisory: OSV:GHSA-RFG2-PJW2-56X2...
GHSA-RFG2-PJW2-56X2 zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood
Impact DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNSPTRMINTTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a periodic...
Allocation of Resources Without Limits or Throttling
Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the DNSCache.asyncadd. Any unauthenticated host on the local link can exhaust system...
zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood
Impact DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNSPTRMINTTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a periodic...
a2a-lite (>=0.1.0 <=0.2.2), adb-connect-qr (>=0.1.0 <=0.1.3) +582 more potentially affected by CVE-2026-47183 via zeroconf (>=0.102.0 <=0.149.3)
zeroconf PYPI version =0.102.0, =0.1.0, =0.1.0, =0.1.0, =1.0.2, =1.0.1, =0.0.1, =1.4.8, =2.6.28, =0.7.1, =0.0.1, =1.7.0, =0.2.38, =3.2.20 and more Source cves: CVE-2026-47183 Source advisory: SNYK:PYTHON-ZEROCONF-17111092...
a2a-lite (>=0.1.0 <=0.2.2), adb-connect-qr (>=0.1.0 <=0.1.3) +556 more potentially affected by CVE-2026-47183 via zeroconf (>=0.140.1 <=0.149.3)
zeroconf PYPI version =0.140.1, =0.1.0, =0.1.0, =0.1.0, =1.0.2, =1.0.1, =0.0.1, =1.4.8, =2.6.28, =0.7.1, =0.0.1, =1.7.0, =0.2.38, =3.2.20 and more Source cves: CVE-2026-47183 Source advisory: OSV:GHSA-PHVX-9MGW-67R5...
GHSA-PHVX-9MGW-67R5 zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
Impact DNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dict keyed by strsys.excinfo1. The seven IncomingDecodeError messages raised from readname / decodelabelsatoffset RFC 6762 §18 name-decoding error paths all embed self.source — the...
Allocation of Resources Without Limits or Throttling
Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the DNSIncoming.logexceptiondebug function and the exception-deduplication, which stores...
zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
Impact DNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dict keyed by strsys.excinfo1. The seven IncomingDecodeError messages raised from readname / decodelabelsatoffset RFC 6762 §18 name-decoding error paths all embed self.source — the...
a2a-lite (>=0.1.0 <=0.2.2), adb-connect-qr (>=0.1.0 <=0.1.3) +582 more potentially affected by CVE-2026-47180 via zeroconf (>=0.102.0 <=0.149.3)
zeroconf PYPI version =0.102.0, =0.1.0, =0.1.0, =0.1.0, =1.0.2, =1.0.1, =0.0.1, =1.4.8, =2.6.28, =0.7.1, =0.0.1, =1.7.0, =0.2.38, =3.2.20 and more Source cves: CVE-2026-47180 Source advisory: SNYK:PYTHON-ZEROCONF-17111095...
a2a-lite (>=0.1.0 <=0.2.2), adb-connect-qr (>=0.1.0 <=0.1.3) +556 more potentially affected by CVE-2026-47180 via zeroconf (>=0.140.1 <=0.149.3)
zeroconf PYPI version =0.140.1, =0.1.0, =0.1.0, =0.1.0, =1.0.2, =1.0.1, =0.0.1, =1.4.8, =2.6.28, =0.7.1, =0.0.1, =1.7.0, =0.2.38, =3.2.20 and more Source cves: CVE-2026-47180 Source advisory: OSV:GHSA-9PGC-3CCV-5297...
Uncontrolled Recursion
Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Uncontrolled Recursion via the DNSIncoming.decodelabelsatoffset function. An attacker can cause excessive CPU consumption and log flooding by...
GHSA-9PGC-3CCV-5297 zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service
Impact DNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer RFC 1035 §4.1.4. Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single 3 kB mDNS packet carrying 1500 chained pointers drives the recursion past CPython'...
zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service
Impact DNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer RFC 1035 §4.1.4. Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single 3 kB mDNS packet carrying 1500 chained pointers drives the recursion past CPython'...
PT-2026-45026
Impact DNSCache. async add inserted every response record into cache, expirations, expire heap, and service cache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNS PTR MIN TTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a...