Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    Related vulnerabilities

    GHSA-9PGC-3CCV-5297

    Vulnerability from github – Published: 2026-05-29 20:09 – Updated: 2026-05-29 20:09
    VLAI
    Summary
    zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service
    Details

    Impact

    DNSIncoming._decode_labels_at_offset recurses once per DNS-name compression pointer (RFC 1035 §4.1.4). Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single ~3 kB mDNS packet carrying ~1500 chained pointers drives the recursion past CPython's default limit, and RecursionError was not listed in DECODE_EXCEPTIONS, so it escaped DNSIncoming.__init__ and was logged by asyncio's default exception handler.

    Any unauthenticated host on the local link (UDP/5353, 224.0.0.251 / ff02::fb) can degrade the mDNS listener; that includes a guest on the same Wi-Fi, a compromised IoT device, or a container on a shared bridge. Replaying at a few hertz produces sustained CPU burn and log flooding, and mDNS-dependent features (HomeKit, Chromecast/Matter, AirPlay, printers) degrade while the attack is in flight.

    Patches

    Fixed in zeroconf 0.149.5 (PR #1719). Upgrade to >= 0.149.5.

    Workarounds

    There is no in-process workaround; upgrading is the fix. Otherwise, restrict mDNS (UDP/5353) to trusted Layer-2 segments via AP client isolation, guest-network separation, or host firewall rules.

    Resources

    Show details on source website

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "zeroconf"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "0.149.5"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ]
        }
      ],
      "aliases": [
        "CVE-2026-47180"
      ],
      "database_specific": {
        "cwe_ids": [
          "CWE-674"
        ],
        "github_reviewed": true,
        "github_reviewed_at": "2026-05-29T20:09:52Z",
        "nvd_published_at": null,
        "severity": "MODERATE"
      },
      "details": "### Impact\n\n`DNSIncoming._decode_labels_at_offset` recurses once per DNS-name compression pointer (RFC 1035 \u00a74.1.4). Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single ~3 kB mDNS packet carrying ~1500 chained pointers drives the recursion past CPython\u0027s default limit, and `RecursionError` was not listed in `DECODE_EXCEPTIONS`, so it escaped `DNSIncoming.__init__` and was logged by asyncio\u0027s default exception handler.\n\nAny unauthenticated host on the local link (UDP/5353, `224.0.0.251` / `ff02::fb`) can degrade the mDNS listener; that includes a guest on the same Wi-Fi, a compromised IoT device, or a container on a shared bridge. Replaying at a few hertz produces sustained CPU burn and log flooding, and mDNS-dependent features (HomeKit, Chromecast/Matter, AirPlay, printers) degrade while the attack is in flight.\n\n### Patches\nFixed in `zeroconf` 0.149.5 ([PR #1719](https://github.com/python-zeroconf/python-zeroconf/pull/1719)).\nUpgrade to `\u003e= 0.149.5`.\n\n### Workarounds\nThere is no in-process workaround; upgrading is the fix. Otherwise, restrict mDNS (UDP/5353) to trusted Layer-2 segments via AP client isolation, guest-network separation, or host firewall rules.\n\n### Resources\n- [PR #1719](https://github.com/python-zeroconf/python-zeroconf/pull/1719), fix\n- [Issue #1713](https://github.com/python-zeroconf/python-zeroconf/issues/1713), public tracking issue\n- [RFC 1035 \u00a74.1.4](https://www.rfc-editor.org/rfc/rfc1035#section-4.1.4), [RFC 6762](https://www.rfc-editor.org/rfc/rfc6762), [CWE-674](https://cwe.mitre.org/data/definitions/674.html)",
      "id": "GHSA-9pgc-3ccv-5297",
      "modified": "2026-05-29T20:09:52Z",
      "published": "2026-05-29T20:09:52Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9pgc-3ccv-5297"
        },
        {
          "type": "WEB",
          "url": "https://github.com/python-zeroconf/python-zeroconf/issues/1713"
        },
        {
          "type": "WEB",
          "url": "https://github.com/python-zeroconf/python-zeroconf/pull/1719"
        },
        {
          "type": "PACKAGE",
          "url": "https://github.com/python-zeroconf/python-zeroconf"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "type": "CVSS_V3"
        }
      ],
      "summary": "zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service"
    }

    PYSEC-2026-3436

    Vulnerability from pysec - Published: 2026-07-13 15:19 - Updated: 2026-07-13 16:07
    VLAI
    Details

    Impact

    DNSIncoming._decode_labels_at_offset recurses once per DNS-name compression pointer (RFC 1035 §4.1.4). Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single ~3 kB mDNS packet carrying ~1500 chained pointers drives the recursion past CPython's default limit, and RecursionError was not listed in DECODE_EXCEPTIONS, so it escaped DNSIncoming.__init__ and was logged by asyncio's default exception handler.

    Any unauthenticated host on the local link (UDP/5353, 224.0.0.251 / ff02::fb) can degrade the mDNS listener; that includes a guest on the same Wi-Fi, a compromised IoT device, or a container on a shared bridge. Replaying at a few hertz produces sustained CPU burn and log flooding, and mDNS-dependent features (HomeKit, Chromecast/Matter, AirPlay, printers) degrade while the attack is in flight.

    Patches

    Fixed in zeroconf 0.149.5 (PR #1719). Upgrade to >= 0.149.5.

    Workarounds

    There is no in-process workaround; upgrading is the fix. Otherwise, restrict mDNS (UDP/5353) to trusted Layer-2 segments via AP client isolation, guest-network separation, or host firewall rules.

    Resources

    Impacted products
    Name purl
    zeroconf pkg:pypi/zeroconf

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "zeroconf",
            "purl": "pkg:pypi/zeroconf"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "0.149.5"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ],
          "versions": [
            "0.100.0",
            "0.101.0",
            "0.102.0",
            "0.103.0",
            "0.104.0",
            "0.105.0",
            "0.106.0",
            "0.107.0",
            "0.108.0",
            "0.109.0",
            "0.110.0",
            "0.111.0",
            "0.112.0",
            "0.114.0",
            "0.115.0",
            "0.115.1",
            "0.115.2",
            "0.116.0",
            "0.117.0",
            "0.118.0",
            "0.118.1",
            "0.119.0",
            "0.120.0",
            "0.121.0",
            "0.122.0",
            "0.122.1",
            "0.122.2",
            "0.122.3",
            "0.123.0",
            "0.124.0",
            "0.125.0",
            "0.126.0",
            "0.127.0",
            "0.128.0",
            "0.128.1",
            "0.128.2",
            "0.128.3",
            "0.128.4",
            "0.128.5",
            "0.129.0",
            "0.130.0",
            "0.131.0",
            "0.132.0",
            "0.132.1",
            "0.132.2",
            "0.133.0",
            "0.134.0",
            "0.135.0",
            "0.136.0",
            "0.136.1",
            "0.136.2",
            "0.137.0",
            "0.137.1",
            "0.137.2",
            "0.138.0",
            "0.138.1",
            "0.139.0",
            "0.14",
            "0.140.0",
            "0.140.1",
            "0.141.0",
            "0.142.0",
            "0.143.0",
            "0.143.1",
            "0.144.0",
            "0.144.1",
            "0.144.2",
            "0.144.3",
            "0.145.0",
            "0.145.1",
            "0.146.0",
            "0.146.1",
            "0.146.2",
            "0.146.3",
            "0.146.4",
            "0.146.5",
            "0.147.0",
            "0.147.1",
            "0.147.2",
            "0.147.3",
            "0.147.4",
            "0.148.0",
            "0.149.0",
            "0.149.1",
            "0.149.2",
            "0.149.3",
            "0.149.4",
            "0.15",
            "0.15.1",
            "0.16.0",
            "0.17.0",
            "0.17.1",
            "0.17.2",
            "0.17.3",
            "0.17.4",
            "0.17.5",
            "0.17.6",
            "0.17.7",
            "0.18.0",
            "0.19.0",
            "0.19.1",
            "0.20.0",
            "0.21.0",
            "0.21.1",
            "0.21.2",
            "0.21.3",
            "0.22.0",
            "0.23.0",
            "0.24.0",
            "0.24.1",
            "0.24.2",
            "0.24.3",
            "0.24.4",
            "0.24.5",
            "0.25.0",
            "0.25.1",
            "0.26.0",
            "0.26.1",
            "0.26.2",
            "0.26.3",
            "0.27.0",
            "0.27.1",
            "0.28.0",
            "0.28.1",
            "0.28.2",
            "0.28.3",
            "0.28.4",
            "0.28.5",
            "0.28.6",
            "0.28.7",
            "0.28.8",
            "0.29.0",
            "0.30.0",
            "0.31.0",
            "0.32.0",
            "0.32.1",
            "0.33.0",
            "0.33.1",
            "0.33.2",
            "0.33.3",
            "0.33.4",
            "0.34.0",
            "0.34.1",
            "0.34.2",
            "0.34.3",
            "0.35.0",
            "0.35.1",
            "0.36.0",
            "0.36.1",
            "0.36.11",
            "0.36.12",
            "0.36.13",
            "0.36.2",
            "0.36.3",
            "0.36.4",
            "0.36.5",
            "0.36.6",
            "0.36.7",
            "0.36.8",
            "0.36.9",
            "0.37.0",
            "0.38.0",
            "0.38.1",
            "0.38.3",
            "0.38.4",
            "0.38.5",
            "0.38.6",
            "0.38.7",
            "0.39.0",
            "0.39.1",
            "0.39.2",
            "0.39.3",
            "0.39.4",
            "0.43.0",
            "0.44.0",
            "0.45.0",
            "0.46.0",
            "0.47.0",
            "0.47.1",
            "0.47.2",
            "0.47.3",
            "0.47.4",
            "0.48.0",
            "0.49.0",
            "0.50.0",
            "0.51.0",
            "0.52.0",
            "0.53.0",
            "0.53.1",
            "0.54.0",
            "0.55.0",
            "0.56.0",
            "0.57.0",
            "0.58.0",
            "0.58.1",
            "0.58.2",
            "0.59.0",
            "0.60.0",
            "0.61.0",
            "0.62.0",
            "0.63.0",
            "0.64.0",
            "0.64.1",
            "0.65.0",
            "0.66.0",
            "0.67.0",
            "0.68.0",
            "0.68.1",
            "0.69.0",
            "0.70.0",
            "0.71.0",
            "0.71.1",
            "0.71.2",
            "0.71.3",
            "0.71.4",
            "0.71.5",
            "0.72.0",
            "0.72.1",
            "0.72.2",
            "0.72.3",
            "0.73.0",
            "0.74.0",
            "0.75.0",
            "0.76.0",
            "0.77.0",
            "0.78.0",
            "0.79.0",
            "0.80.0",
            "0.81.0",
            "0.82.0",
            "0.82.1",
            "0.83.0",
            "0.83.1",
            "0.84.0",
            "0.85.0",
            "0.86.0",
            "0.87.0",
            "0.88.0",
            "0.89.0",
            "0.90.0",
            "0.91.0",
            "0.91.1",
            "0.92.0",
            "0.93.0",
            "0.93.1",
            "0.94.0",
            "0.95.0",
            "0.96.0",
            "0.97.0",
            "0.98.0",
            "0.99.0"
          ]
        }
      ],
      "aliases": [
        "CVE-2026-47180",
        "GHSA-9pgc-3ccv-5297"
      ],
      "details": "### Impact\n\n`DNSIncoming._decode_labels_at_offset` recurses once per DNS-name compression pointer (RFC 1035 \u00a74.1.4). Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single ~3 kB mDNS packet carrying ~1500 chained pointers drives the recursion past CPython\u0027s default limit, and `RecursionError` was not listed in `DECODE_EXCEPTIONS`, so it escaped `DNSIncoming.__init__` and was logged by asyncio\u0027s default exception handler.\n\nAny unauthenticated host on the local link (UDP/5353, `224.0.0.251` / `ff02::fb`) can degrade the mDNS listener; that includes a guest on the same Wi-Fi, a compromised IoT device, or a container on a shared bridge. Replaying at a few hertz produces sustained CPU burn and log flooding, and mDNS-dependent features (HomeKit, Chromecast/Matter, AirPlay, printers) degrade while the attack is in flight.\n\n### Patches\nFixed in `zeroconf` 0.149.5 ([PR #1719](https://github.com/python-zeroconf/python-zeroconf/pull/1719)).\nUpgrade to `\u003e= 0.149.5`.\n\n### Workarounds\nThere is no in-process workaround; upgrading is the fix. Otherwise, restrict mDNS (UDP/5353) to trusted Layer-2 segments via AP client isolation, guest-network separation, or host firewall rules.\n\n### Resources\n- [PR #1719](https://github.com/python-zeroconf/python-zeroconf/pull/1719), fix\n- [Issue #1713](https://github.com/python-zeroconf/python-zeroconf/issues/1713), public tracking issue\n- [RFC 1035 \u00a74.1.4](https://www.rfc-editor.org/rfc/rfc1035#section-4.1.4), [RFC 6762](https://www.rfc-editor.org/rfc/rfc6762), [CWE-674](https://cwe.mitre.org/data/definitions/674.html)",
      "id": "PYSEC-2026-3436",
      "modified": "2026-07-13T16:07:36.783034Z",
      "published": "2026-07-13T15:19:14.415629Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9pgc-3ccv-5297"
        },
        {
          "type": "WEB",
          "url": "https://github.com/python-zeroconf/python-zeroconf/issues/1713"
        },
        {
          "type": "WEB",
          "url": "https://github.com/python-zeroconf/python-zeroconf/pull/1719"
        },
        {
          "type": "PACKAGE",
          "url": "https://github.com/python-zeroconf/python-zeroconf"
        },
        {
          "type": "PACKAGE",
          "url": "https://pypi.org/project/zeroconf"
        },
        {
          "type": "ADVISORY",
          "url": "https://github.com/advisories/GHSA-9pgc-3ccv-5297"
        },
        {
          "type": "ADVISORY",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47180"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "type": "CVSS_V3"
        }
      ],
      "summary": "zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service"
    }