Memory Exhaustion Vulnerability in Zeroconf Multicast DNS Service from Python
CVE-2026-47184
6.5MEDIUM
What is CVE-2026-47184?
Zeroconf, a pure Python implementation of multicast DNS service discovery, before version 0.149.7, allows unauthenticated hosts on the local network to send valid mDNS responses. This can lead to the insertion of multiple records into the DNS cache without limits, causing memory exhaustion. Consequently, this may result in slower cache lookups and degraded performance, severely impacting discovery and registration processes within ServiceBrowser callbacks. The issue has been resolved in version 0.149.7.
Affected Version(s)
python-zeroconf < 0.149.7
