zeroconf
PyPI5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting zeroconfpage 1 of 1
- CVE-2026-47180MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.149.52026-05-29
vulnerable: 0.100.0 ... 0.99.0 (251 versions)
zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service ### Impact `DNSIncoming._decode_labels_at_offset` recurses once per DNS-name compression pointer (RFC 1035 §4.1.4). Pointer cycl…
- CVE-2026-47183MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.149.62026-05-29
vulnerable: 0.100.0 ... 0.99.0 (252 versions)
zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion ### Impact `DNSIncoming._log_exception_debug` and the four `QuietLogger` exception-dedup methods stored an u…
- CVE-2026-47184MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.149.72026-05-29
vulnerable: 0.100.0 ... 0.99.0 (253 versions)
zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood ### Impact `DNSCache._async_add` inserted every response record into `cache`, `_expirations`, `_expire_heap`, and `service_cache` with no…
- CVE-2026-48045MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.149.122026-06-11
vulnerable: 0.100.0 ... 0.99.0 (258 versions)
python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood ### Impact `AsyncListener.handle_query_or_defer` retained every truncated (TC-bit) incoming query in `self._deferred[addr]` and arme…
- CVE-2026-48487MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.149.162026-06-22
vulnerable: 0.100.0 ... 0.99.0 (259 versions)
zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet ### Impact `_read_character_string` and `_read_string` in `src/zeroconf/_protocol/incoming.py` sliced `self.data[self.offs…
Check whether zeroconf is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for zeroconf CVEs against the assets you own.
Start Free Scan →