Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-47180

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-17 Jul, 2026 | 18:21
Updated At-17 Jul, 2026 | 18:21
Rejected At-
Credits

Zeroconf: Unbounded recursion in DNS compression-pointer decoder allows LAN-local denial of service

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming._decode_labels_at_offset recurses once per DNS-name compression pointer, and a single mDNS packet carrying chained pointers can trigger a RecursionError that escapes DNSIncoming.__init__, causing sustained CPU burn, log flooding, and degraded mDNS-dependent features for unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb). This issue is fixed in version 0.149.5.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:17 Jul, 2026 | 18:21
Updated At:17 Jul, 2026 | 18:21
Rejected At:
â–¼CVE Numbering Authority (CNA)
Zeroconf: Unbounded recursion in DNS compression-pointer decoder allows LAN-local denial of service

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming._decode_labels_at_offset recurses once per DNS-name compression pointer, and a single mDNS packet carrying chained pointers can trigger a RecursionError that escapes DNSIncoming.__init__, causing sustained CPU burn, log flooding, and degraded mDNS-dependent features for unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb). This issue is fixed in version 0.149.5.

Affected Products
Vendor
python-zeroconf
Product
python-zeroconf
Versions
Affected
  • < 0.149.5
Problem Types
TypeCWE IDDescription
CWECWE-674CWE-674: Uncontrolled Recursion
Type: CWE
CWE ID: CWE-674
Description: CWE-674: Uncontrolled Recursion
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9pgc-3ccv-5297
x_refsource_CONFIRM
https://github.com/python-zeroconf/python-zeroconf/pull/1719
x_refsource_MISC
https://github.com/python-zeroconf/python-zeroconf/commit/f9e23592137f30fdf7ef710dba065da31c79b1cf
x_refsource_MISC
https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.5
x_refsource_MISC
Hyperlink: https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-9pgc-3ccv-5297
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/python-zeroconf/python-zeroconf/pull/1719
Resource:
x_refsource_MISC
Hyperlink: https://github.com/python-zeroconf/python-zeroconf/commit/f9e23592137f30fdf7ef710dba065da31c79b1cf
Resource:
x_refsource_MISC
Hyperlink: https://github.com/python-zeroconf/python-zeroconf/releases/tag/0.149.5
Resource:
x_refsource_MISC
Information is not available yet

Similar CVEs

4Records found

CVE-2026-47183
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 18:22
Updated-17 Jul, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods stored an unbounded _seen_logs dictionary keyed by attacker-influenced IncomingDecodeError messages, retaining sys.exc_info() tracebacks whose frame locals kept raw packet self.data buffers and allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to drive memory growth until mDNS-dependent features degrade or the process is OOM-killed. This issue is fixed in version 0.149.6.

Action-Not Available
Vendor-python-zeroconf
Product-python-zeroconf
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-47184
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 18:25
Updated-17 Jul, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zeroconf: Unbounded DNS record cache allows LAN-local memory exhaustion via multicast flood

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache._async_add inserted every response record into cache, _expirations, _expire_heap, and service_cache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to multicast valid mDNS responses with unique names and cause memory exhaustion, slower cache lookups, slower async_expire passes, and broken discovery, registration, and ServiceBrowser callbacks. This issue is fixed in version 0.149.7.

Action-Not Available
Vendor-python-zeroconf
Product-python-zeroconf
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-48045
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 18:26
Updated-17 Jul, 2026 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handle_query_or_defer retained every truncated TC-bit incoming query, each up to _MAX_MSG_ABSOLUTE = 8966 bytes, in self._deferred[addr] and armed a per-address timer in self._timers[addr] without capping the per-address list or distinct addr keys, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to spoof sources, grow _deferred and _timers, and cause memory exhaustion and quadratic CPU burn. This issue is fixed in version 0.149.12.

Action-Not Available
Vendor-python-zeroconf
Product-python-zeroconf
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-20678
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.57%
||
7 Day CHG+0.02%
Published-02 Jun, 2025 | 02:29
Updated-17 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8893mt8788mt6879mt6989mt6853tmt8791tmt6813mt6883nr17lr13mt6833pmt6762mt6769tmt8873mt8786mt6890mt6893mt6878mmt6877tmt6771mt6980mt6875tmt8768nr17rmt6769zmt8798mt6835tmt8791mt6990mt6833mt6873mt6983tmt6785nr15lr12amt8766rmt8771mt8765mt6767mt6783mt6895ttmt6891mt6779mt6875mt6769kmt6855tmt8676mt6765tmt6885mt6991mt6835mt8666mt6739mt8673nr16mt6897mt6855mt6789mt6985mt6781mt8863mt6768mt6853mt6762dmt8795tmt6889mt8667mt8788emt6878mt6880mt8797mt6985tmt6895mt6896mt8766mt8781mt6762mmt6983mt6769mt6877mt6886mt8789mt6765mt6761mt8675mt6899mt6785tmt6769smt6989tmt6763mt6877ttmt6785umt8883mt8678MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893
CWE ID-CWE-674
Uncontrolled Recursion
Details not found