CVE-2026-47183 in ZeroconfИнформация

Сводка

по MITRE • 17.07.2026

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods stored an unbounded _seen_logs dictionary keyed by attacker-influenced IncomingDecodeError messages, retaining sys.exc_info() tracebacks whose frame locals kept raw packet self.data buffers and allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to drive memory growth until mDNS-dependent features degrade or the process is OOM-killed. This issue is fixed in version 0.149.6.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Ответственный

GitHub M

Резервировать

19.05.2026

Раскрытие

17.07.2026

Модерация

принято

Вход

VDB-379904

EPSS

0.00000

KEV

Нет

Деятельности

Очень низкий

Источники

Want to know what is going to be exploited?

We predict KEV entries!