CVE-2026-48045 in Zeroconf情報

要約

〜によって MITRE • 2026年07月17日

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handle_query_or_defer retained every truncated TC-bit incoming query, each up to _MAX_MSG_ABSOLUTE = 8966 bytes, in self._deferred[addr] and armed a per-address timer in self._timers[addr] without capping the per-address list or distinct addr keys, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to spoof sources, grow _deferred and _timers, and cause memory exhaustion and quadratic CPU burn. This issue is fixed in version 0.149.12.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

責任者

GitHub M

予約する

2026年05月20日

モデレーション

承諾済み

エントリ

VDB-379902

EPSS

0.00000

アクティビティ

非常低い

ソース

Do you know our Splunk app?

Download it now for free!