CVE-2026-47184

Source
https://cve.org/CVERecord?id=CVE-2026-47184
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47184.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-47184
Aliases
Downstream
Related
Published
2026-07-17T18:25:07.387Z
Modified
2026-07-19T03:47:20.020263277Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Zeroconf: Unbounded DNS record cache allows LAN-local memory exhaustion via multicast flood
Details

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to multicast valid mDNS responses with unique names and cause memory exhaustion, slower cache lookups, slower async_expire passes, and broken discovery, registration, and ServiceBrowser callbacks. This issue is fixed in version 0.149.7.

Database specific
{
    "cwe_ids": [
        "CWE-770"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47184.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/python-zeroconf/python-zeroconf

Affected ranges

Type
GIT
Repo
https://github.com/python-zeroconf/python-zeroconf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.149.7"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

0.*
0.100.0
0.101.0
0.102.0
0.103.0
0.104.0
0.105.0
0.106.0
0.107.0
0.108.0
0.109.0
0.110.0
0.111.0
0.112.0
0.113.0
0.114.0
0.115.0
0.115.1
0.115.2
0.116.0
0.117.0
0.118.0
0.118.1
0.119.0
0.120.0
0.121.0
0.122.0
0.122.1
0.122.2
0.122.3
0.123.0
0.124.0
0.125.0
0.126.0
0.127.0
0.128.0
0.128.1
0.128.2
0.128.3
0.128.4
0.128.5
0.129.0
0.13
0.130.0
0.131.0
0.132.0
0.132.1
0.132.2
0.133.0
0.134.0
0.135.0
0.136.0
0.136.1
0.136.2
0.137.0
0.137.1
0.137.2
0.138.0
0.138.1
0.139.0
0.14
0.140.0
0.140.1
0.141.0
0.142.0
0.143.0
0.143.1
0.144.0
0.144.1
0.144.2
0.144.3
0.145.0
0.145.1
0.146.0
0.146.1
0.146.2
0.146.3
0.146.4
0.146.5
0.147.0
0.147.1
0.147.2
0.147.3
0.147.4
0.148.0
0.149.0
0.149.1
0.149.2
0.149.3
0.149.4
0.149.5
0.149.6
0.15
0.15.1
0.16
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
0.17.6
0.17.7
0.18.0
0.19.0
0.19.1
0.20.0
0.21.0
0.21.1
0.21.2
0.21.3
0.22.0
0.23.0
0.24.0
0.24.1
0.24.2
0.24.3
0.24.4
0.24.5
0.25.0
0.25.1
0.26.0
0.26.1
0.26.3
0.27.0
0.27.1
0.28.0
0.28.1
0.28.2
0.28.3
0.28.4
0.28.5
0.28.6
0.28.7
0.28.8
0.29.0
0.32.0
0.32.0b1
0.32.0b2
0.32.0b3
0.32.0b4
0.32.0b5
0.32.0b6
0.32.0rc1
0.32.0rc2
0.32.0rc3
0.32.0rc4
0.32.0rc5
0.32.0rc6
0.32.0rc7
0.32.1
0.33.0
0.33.1
0.33.2
0.33.3
0.33.4
0.34.0
0.34.1
0.34.2
0.34.3
0.35.0
0.35.1
0.36.0
0.36.1
0.36.10
0.36.11
0.36.12
0.36.13
0.36.2
0.36.3
0.36.4
0.36.5
0.36.6
0.36.7
0.36.8
0.36.9
0.37.0
0.38.0
0.38.1
0.38.2
0.38.3
0.38.4
0.38.5
0.38.6
0.38.7
0.39.0
0.39.1
0.39.2
0.39.3
0.39.4
0.39.5
0.40.0
0.40.1
0.41.0
0.42.0
0.43.0
0.44.0
0.45.0
0.46.0
0.47.0
0.47.1
0.47.2
0.47.3
0.47.4
0.48.0
0.49.0
0.50.0
0.51.0
0.52.0
0.53.0
0.53.1
0.54.0
0.55.0
0.56.0
0.57.0
0.58.0
0.58.1
0.58.2
0.59.0
0.60.0
0.61.0
0.62.0
0.63.0
0.64.0
0.64.1
0.65.0
0.66.0
0.67.0
0.68.0
0.68.1
0.69.0
0.70.0
0.71.0
0.71.1
0.71.2
0.71.3
0.71.4
0.71.5
0.72.0
0.72.1
0.72.2
0.72.3
0.73.0
0.74.0
0.75.0
0.76.0
0.77.0
0.78.0
0.79.0
0.80.0
0.81.0
0.82.0
0.82.1
0.83.0
0.83.1
0.84.0
0.85.0
0.86.0
0.87.0
0.88.0
0.89.0
0.90.0
0.91.0
0.91.1
0.92.0
0.93.0
0.93.1
0.94.0
0.95.0
0.96.0
0.97.0
0.98.0
0.99.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47184.json"