CVE-2026-47183 in Zeroconf정보

요약

\~에 의해 MITRE • 2026. 07. 17.

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods stored an unbounded _seen_logs dictionary keyed by attacker-influenced IncomingDecodeError messages, retaining sys.exc_info() tracebacks whose frame locals kept raw packet self.data buffers and allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to drive memory growth until mDNS-dependent features degrade or the process is OOM-killed. This issue is fixed in version 0.149.6.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

출처

Want to stay up to date on a daily basis?

Enable the mail alert feature now!