python-zeroconf
CVE-2026-47184
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2Blast Radius
ecosystem impact- 1 pypi packages depend on zeroconf (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 0.149.7.
DescriptionGitHub Advisory
Impact
DNSCache._async_add inserted every response record into cache, _expirations, _expire_heap, and service_cache with no cap on entry count. The only pre-existing protection was a PTR TTL floor (_DNS_PTR_MIN_TTL = 1125 s, RFC 6762 §10), which actually *prolonged* attacker-injected records, and a periodic async_expire on _CACHE_CLEANUP_INTERVAL = 10 s that could not keep up with a flood.
Any unauthenticated host on the local link (UDP/5353, 224.0.0.251 / ff02::fb) can multicast valid mDNS responses with unique names (RFC 6762 §11 allows up to 253 bytes each) and watch them accumulate. On memory-constrained deployments (Home Assistant on Raspberry-Pi-class hardware is the canonical victim) sustained traffic OOM-kills the process; under lighter load, every cache lookup and every periodic expiry pass grows linearly slower, starving asyncio and breaking unrelated zeroconf consumers (discovery, registration, ServiceBrowser callbacks). A second variant - re-multicasting cached records with shifting TTLs - grows _expire_heap unbounded between cleanup runs without touching cache or _total_records.
Patches
Fixed in zeroconf 0.149.6 (PR #1718). Upgrade to >= 0.149.6.
Workarounds
There is no in-process workaround; upgrading is the fix. Otherwise, restrict mDNS (UDP/5353) to trusted Layer-2 segments via AP client isolation, guest-network separation, or host firewall rules.
Resources
- PR #1718, fix
- Issue #1715, public tracking issue
- RFC 6762 §10, RFC 6762 §11, CWE-400
AnalysisAI
Memory exhaustion in python-zeroconf's DNSCache component allows any unauthenticated host on the same Layer-2 segment to OOM-kill or severely degrade processes that consume mDNS/DNS-SD services (CVSS 6.5, AV:A/PR:N). The DNSCache._async_add method imposed no upper bound on cache entries, permitting a local-link attacker to multicast valid mDNS responses with unique names that accumulate across all four internal data structures faster than the 10-second cleanup interval can purge them. A second distinct variant exploits TTL re-advertisement to bloat the internal _expire_heap independently of the cache entry counter, providing a second unbounded growth path that bypasses any entry-count monitoring. No public exploit is identified at time of analysis; a vendor-released patch is available as of zeroconf 0.149.6 or 0.149.7 (minor version discrepancy between sources - see confidence notes).
Technical ContextAI
The affected component is the Python zeroconf package (pip/zeroconf), a pure-Python implementation of Multicast DNS per RFC 6762 and DNS-SD per RFC 6763, used extensively in home automation stacks such as Home Assistant. The root cause is CWE-400 (Uncontrolled Resource Consumption): DNSCache._async_add in src/zeroconf/_cache.py unconditionally inserts every incoming mDNS record into four internal structures - cache (keyed dict), _expirations (record-to-deadline map), _expire_heap (min-heap for expiry scheduling), and service_cache - with no entry cap. The PTR TTL floor of 1125 seconds mandated by RFC 6762 §10 paradoxically extended attacker-injected records' residency rather than constraining them. The periodic async_expire coroutine running every 10 seconds was architecturally insufficient to drain a sustained flood. A secondary variant exploits RFC 6762 §11's allowance for TTL re-advertisement: replaying records with shifting TTLs appends duplicate stale tuples to _expire_heap without incrementing the cache key counter, causing heap bloat that is invisible to entry-count logic. The fix in PR #1718 introduces a _MAX_CACHE_RECORDS constant hard cap, an LRU-style _async_evict_oldest method that pops the closest-to-expiring entry when the cap is reached, and a _maybe_rebuild_heap method that compacts the heap when stale entries dominate live ones - addressing both attack variants.
RemediationAI
Upgrade to zeroconf >= 0.149.7 via pip install "zeroconf>=0.149.7" - this is the conservative guidance given the discrepancy between the advisory (0.149.6) and package metadata (0.149.7); verify against the PyPI release history and the merged fix at https://github.com/python-zeroconf/python-zeroconf/pull/1718. The vendor advisory at https://github.com/python-zeroconf/python-zeroconf/security/advisories/GHSA-rfg2-pjw2-56x2 explicitly confirms there is no viable in-process workaround; upgrading is the only software-level fix. As a network-level compensating control where immediate patching is not possible, restrict UDP/5353 (mDNS multicast to 224.0.0.251 / ff02::fb) to trusted Layer-2 segments using AP client isolation between IoT and untrusted devices, VLAN segmentation with guest-network separation, or host-level firewall rules blocking inbound mDNS from untrusted interfaces. Note that AP client isolation prevents device-to-device mDNS traffic entirely, which will break legitimate service discovery between devices on the same segment - evaluate this operational trade-off before deployment. Host firewall rules scoped to specific source MAC ranges are more surgical but operationally complex to maintain at scale.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: ModerateShare
External POC / Exploit Code
Leaving vuln.today
GHSA-rfg2-pjw2-56x2