CVE-2026-47183

Source
https://cve.org/CVERecord?id=CVE-2026-47183
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47183.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-47183
Aliases
Downstream
Related
Published
2026-07-17T18:22:59.803Z
Modified
2026-07-19T03:47:01.929350077Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
Details

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dictionary keyed by attacker-influenced IncomingDecodeError messages, retaining sys.excinfo() tracebacks whose frame locals kept raw packet self.data buffers and allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to drive memory growth until mDNS-dependent features degrade or the process is OOM-killed. This issue is fixed in version 0.149.6.

Database specific
{
    "cwe_ids": [
        "CWE-400"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47183.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/python-zeroconf/python-zeroconf

Affected ranges

Type
GIT
Repo
https://github.com/python-zeroconf/python-zeroconf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.149.6"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

0.*
0.100.0
0.101.0
0.102.0
0.103.0
0.104.0
0.105.0
0.106.0
0.107.0
0.108.0
0.109.0
0.110.0
0.111.0
0.112.0
0.113.0
0.114.0
0.115.0
0.115.1
0.115.2
0.116.0
0.117.0
0.118.0
0.118.1
0.119.0
0.120.0
0.121.0
0.122.0
0.122.1
0.122.2
0.122.3
0.123.0
0.124.0
0.125.0
0.126.0
0.127.0
0.128.0
0.128.1
0.128.2
0.128.3
0.128.4
0.128.5
0.129.0
0.13
0.130.0
0.131.0
0.132.0
0.132.1
0.132.2
0.133.0
0.134.0
0.135.0
0.136.0
0.136.1
0.136.2
0.137.0
0.137.1
0.137.2
0.138.0
0.138.1
0.139.0
0.14
0.140.0
0.140.1
0.141.0
0.142.0
0.143.0
0.143.1
0.144.0
0.144.1
0.144.2
0.144.3
0.145.0
0.145.1
0.146.0
0.146.1
0.146.2
0.146.3
0.146.4
0.146.5
0.147.0
0.147.1
0.147.2
0.147.3
0.147.4
0.148.0
0.149.0
0.149.1
0.149.2
0.149.3
0.149.4
0.149.5
0.15
0.15.1
0.16
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
0.17.6
0.17.7
0.18.0
0.19.0
0.19.1
0.20.0
0.21.0
0.21.1
0.21.2
0.21.3
0.22.0
0.23.0
0.24.0
0.24.1
0.24.2
0.24.3
0.24.4
0.24.5
0.25.0
0.25.1
0.26.0
0.26.1
0.26.3
0.27.0
0.27.1
0.28.0
0.28.1
0.28.2
0.28.3
0.28.4
0.28.5
0.28.6
0.28.7
0.28.8
0.29.0
0.32.0
0.32.0b1
0.32.0b2
0.32.0b3
0.32.0b4
0.32.0b5
0.32.0b6
0.32.0rc1
0.32.0rc2
0.32.0rc3
0.32.0rc4
0.32.0rc5
0.32.0rc6
0.32.0rc7
0.32.1
0.33.0
0.33.1
0.33.2
0.33.3
0.33.4
0.34.0
0.34.1
0.34.2
0.34.3
0.35.0
0.35.1
0.36.0
0.36.1
0.36.10
0.36.11
0.36.12
0.36.13
0.36.2
0.36.3
0.36.4
0.36.5
0.36.6
0.36.7
0.36.8
0.36.9
0.37.0
0.38.0
0.38.1
0.38.2
0.38.3
0.38.4
0.38.5
0.38.6
0.38.7
0.39.0
0.39.1
0.39.2
0.39.3
0.39.4
0.39.5
0.40.0
0.40.1
0.41.0
0.42.0
0.43.0
0.44.0
0.45.0
0.46.0
0.47.0
0.47.1
0.47.2
0.47.3
0.47.4
0.48.0
0.49.0
0.50.0
0.51.0
0.52.0
0.53.0
0.53.1
0.54.0
0.55.0
0.56.0
0.57.0
0.58.0
0.58.1
0.58.2
0.59.0
0.60.0
0.61.0
0.62.0
0.63.0
0.64.0
0.64.1
0.65.0
0.66.0
0.67.0
0.68.0
0.68.1
0.69.0
0.70.0
0.71.0
0.71.1
0.71.2
0.71.3
0.71.4
0.71.5
0.72.0
0.72.1
0.72.2
0.72.3
0.73.0
0.74.0
0.75.0
0.76.0
0.77.0
0.78.0
0.79.0
0.80.0
0.81.0
0.82.0
0.82.1
0.83.0
0.83.1
0.84.0
0.85.0
0.86.0
0.87.0
0.88.0
0.89.0
0.90.0
0.91.0
0.91.1
0.92.0
0.93.0
0.93.1
0.94.0
0.95.0
0.96.0
0.97.0
0.98.0
0.99.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47183.json"