python-zeroconf
CVE-2026-47180
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
Impact
DNSIncoming._decode_labels_at_offset recurses once per DNS-name compression pointer (RFC 1035 §4.1.4). Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single ~3 kB mDNS packet carrying ~1500 chained pointers drives the recursion past CPython's default limit, and RecursionError was not listed in DECODE_EXCEPTIONS, so it escaped DNSIncoming.__init__ and was logged by asyncio's default exception handler.
Any unauthenticated host on the local link (UDP/5353, 224.0.0.251 / ff02::fb) can degrade the mDNS listener; that includes a guest on the same Wi-Fi, a compromised IoT device, or a container on a shared bridge. Replaying at a few hertz produces sustained CPU burn and log flooding, and mDNS-dependent features (HomeKit, Chromecast/Matter, AirPlay, printers) degrade while the attack is in flight.
Patches
Fixed in zeroconf 0.149.5 (PR #1719). Upgrade to >= 0.149.5.
Workarounds
There is no in-process workaround; upgrading is the fix. Otherwise, restrict mDNS (UDP/5353) to trusted Layer-2 segments via AP client isolation, guest-network separation, or host firewall rules.
Resources
- PR #1719, fix
- Issue #1713, public tracking issue
- RFC 1035 §4.1.4, RFC 6762, CWE-674
AnalysisAI
Uncontrolled recursion in python-zeroconf's mDNS DNS name decoder (versions < 0.149.5) allows any unauthenticated host on the local link to crash or degrade the mDNS listener with a single ~3 kB packet. The _decode_labels_at_offset method recurses once per DNS compression pointer (RFC 1035 §4.1.4) with no cap on unique forward-pointer chain depth; a packet carrying ~1500 chained pointers overflows CPython's default call stack, and because RecursionError was omitted from DECODE_EXCEPTIONS, the exception escaped DNSIncoming.__init__ rather than being handled gracefully. Replaying at a few hertz produces sustained CPU burn, log flooding, and degradation of all mDNS-dependent services (HomeKit, Chromecast/Matter, AirPlay, network printers); no public exploit identified at time of analysis, but the attack is trivially constructible from the published advisory and test fixture in PR #1719.
Technical ContextAI
The affected component is the pure-Python (and optionally Cython-compiled) mDNS/Zeroconf implementation zeroconf distributed via PyPI (CPE: pkg:pip/zeroconf < 0.149.5). The library implements RFC 6762 Multicast DNS and RFC 1035 DNS wire format parsing. DNS name compression (RFC 1035 §4.1.4) allows labels to be represented as 2-byte pointers to other offsets in the same packet; the decoder _decode_labels_at_offset followed each pointer with a recursive call. Pointer cycles were guarded by a seen_pointers set, and label counts were capped, but the total depth of unique forward-pointer chains - which can be arbitrarily long without cycling - was never bounded. CWE-674 (Uncontrolled Recursion) is the root cause: the recursion depth grows linearly with the number of unique pointers in the packet, and CPython's default sys.setrecursionlimit (typically 1000) is easily exceeded by a chain of ~1500 pointers embedded in a ~3 kB UDP datagram. The compounding defect was that RecursionError was not included in the tuple DECODE_EXCEPTIONS, so instead of being caught and marking the packet invalid, it propagated to asyncio's uncaught-exception handler, leaving the listener in an inconsistent state.
RemediationAI
Upgrade the zeroconf PyPI package to version 0.149.5 or later (pip install 'zeroconf>=0.149.5'). The fix, confirmed in PR #1719 (https://github.com/python-zeroconf/python-zeroconf/pull/1719), applies two changes: it adds a depth parameter to _decode_labels_at_offset and raises IncomingDecodeError when the chain exceeds MAX_DNS_LABELS, and it adds RecursionError to DECODE_EXCEPTIONS so any bypass of the depth check is also caught cleanly. There is no in-process workaround per the vendor advisory. If upgrading immediately is not possible, restrict mDNS traffic at the network boundary: enable AP client isolation on Wi-Fi access points to prevent station-to-station UDP traffic on port 5353; apply host firewall rules (e.g., iptables -A INPUT -p udp --dport 5353 ! -i lo -j DROP on trusted-interface-only setups) to block mDNS from untrusted interfaces; and separate guest or IoT VLANs from production segments. Note that blocking UDP/5353 will break all mDNS-dependent service discovery (HomeKit, AirPlay, Chromecast/Matter, Bonjour printers) on the restricted segments - this is an availability trade-off that must be evaluated per deployment.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-674 – Uncontrolled Recursion
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: ModerateShare
External POC / Exploit Code
Leaving vuln.today
GHSA-9pgc-3ccv-5297