CVE-2026-47183 in Zeroconfinformation

Résumé

par MITRE • 17/07/2026

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods stored an unbounded _seen_logs dictionary keyed by attacker-influenced IncomingDecodeError messages, retaining sys.exc_info() tracebacks whose frame locals kept raw packet self.data buffers and allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to drive memory growth until mDNS-dependent features degrade or the process is OOM-killed. This issue is fixed in version 0.149.6.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsable

GitHub M

Réserver

19/05/2026

Divulgation

17/07/2026

Modérer

accepté

Entrée

VDB-379904

CPE

prêt

EPSS

0.00000

KEV

non

Activités

très faible

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!