GHSA-9pgc-3ccv-5297

Source
https://github.com/advisories/GHSA-9pgc-3ccv-5297
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-9pgc-3ccv-5297/GHSA-9pgc-3ccv-5297.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9pgc-3ccv-5297
Aliases
  • CVE-2026-47180
Published
2026-05-29T20:09:52Z
Modified
2026-05-29T20:15:14.866644739Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service
Details

Impact

DNSIncoming._decode_labels_at_offset recurses once per DNS-name compression pointer (RFC 1035 §4.1.4). Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single ~3 kB mDNS packet carrying ~1500 chained pointers drives the recursion past CPython's default limit, and RecursionError was not listed in DECODE_EXCEPTIONS, so it escaped DNSIncoming.__init__ and was logged by asyncio's default exception handler.

Any unauthenticated host on the local link (UDP/5353, 224.0.0.251 / ff02::fb) can degrade the mDNS listener; that includes a guest on the same Wi-Fi, a compromised IoT device, or a container on a shared bridge. Replaying at a few hertz produces sustained CPU burn and log flooding, and mDNS-dependent features (HomeKit, Chromecast/Matter, AirPlay, printers) degrade while the attack is in flight.
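The two defects the Impact section describes, a decoder that recurses once per compression pointer with no cap on the length of the pointer chain, and a RecursionError that the decode-exception list did not catch, are easiest to see against a decoder that avoids both. The following is an added example and not zeroconf's own code (the actual fix in PR #1719 is not reproduced here): an iterative name decoder with a hard limit on pointer hops, so depth is bounded by a constant rather than by packet size, plus a wrapper that treats every decode-time exception as a dropped packet. The function names, the hop limit of 16, the DECODE_EXCEPTIONS tuple and the sample packets are assumptions constructed for this illustration.

```python
"""Bounded DNS-name decoding (RFC 1035 §4.1.4 compression pointers).

Added example, not zeroconf's code. Names, limits and packets below are
assumptions/constructed fixtures for illustration.
"""
from __future__ import annotations

import logging

MAX_NAME_LENGTH = 255   # RFC 1035 §2.3.4 wire-format limit on a whole name
MAX_POINTER_HOPS = 16   # assumed cap; legitimate names need only a few hops

log = logging.getLogger(__name__)


class DNSDecodeError(ValueError):
    """Any malformed name; callers treat the whole packet as bad."""


def decode_name(packet: bytes, offset: int,
                max_hops: int = MAX_POINTER_HOPS) -> tuple[str, int]:
    """Decode a possibly-compressed name starting at `offset`.

    Returns (name, end_offset): the dotted name with a trailing dot, and the
    byte just after the name as written inline at `offset` (i.e. just after
    the first pointer, if any), where the record's next field begins.
    The loop is iterative and every pointer counts against `max_hops`, so a
    crafted chain of forward pointers costs at most `max_hops` iterations.
    """
    labels: list[str] = []
    name_len = 0            # bytes the name would occupy uncompressed
    hops = 0
    seen_targets: set[int] = set()
    end_offset: int | None = None
    pos = offset

    while True:
        if pos >= len(packet):
            raise DNSDecodeError("name runs past end of packet")
        length = packet[pos]
        if length == 0:                      # root label terminates the name
            pos += 1
            if end_offset is None:
                end_offset = pos
            break
        kind = length & 0xC0
        if kind == 0xC0:                     # 14-bit compression pointer
            if pos + 1 >= len(packet):
                raise DNSDecodeError("truncated compression pointer")
            if end_offset is None:
                end_offset = pos + 2
            hops += 1
            if hops > max_hops:              # the cap the advisory says was missing
                raise DNSDecodeError(f"more than {max_hops} pointer hops in one name")
            target = ((length & 0x3F) << 8) | packet[pos + 1]
            if target in seen_targets:       # fail fast on loops (cap would catch it too)
                raise DNSDecodeError("compression pointer loop")
            seen_targets.add(target)
            pos = target
            continue
        if kind != 0x00:                     # 0x40/0x80 are extended/reserved label types
            raise DNSDecodeError(f"unsupported label type 0x{kind:02x}")
        # kind == 0x00 guarantees length <= 63, so only the total length needs a check
        name_len += length + 1
        if name_len > MAX_NAME_LENGTH:
            raise DNSDecodeError("name longer than 255 bytes")
        raw = packet[pos + 1:pos + 1 + length]
        if len(raw) != length:
            raise DNSDecodeError("truncated label")
        try:
            labels.append(raw.decode("utf-8"))
        except UnicodeDecodeError as exc:
            raise DNSDecodeError("label is not valid UTF-8") from exc
        pos += 1 + length

    assert end_offset is not None
    return ".".join(labels) + ".", end_offset


# Everything a decoder may raise on hostile input. RecursionError cannot occur in
# the iterative decoder above, but listing it mirrors the gap the advisory describes.
DECODE_EXCEPTIONS = (DNSDecodeError, IndexError, RecursionError)


def parse_name_or_drop(packet: bytes, offset: int) -> str | None:
    """Return the decoded name, or None for a malformed packet.

    Decode failures are logged at DEBUG and contained here rather than
    escaping to the event loop's default exception handler.
    """
    try:
        name, _ = decode_name(packet, offset)
    except DECODE_EXCEPTIONS as exc:
        log.debug("dropping malformed mDNS packet: %s", exc)
        return None
    return name


# Constructed fixture: "_http._tcp.local." at offset 0, then at offset 18 the
# label "printer" followed by a pointer back to offset 0.
SAMPLE_PACKET = b"\x05_http\x04_tcp\x05local\x00" + b"\x07printer\xc0\x00"


def make_pointer_chain(hops: int) -> bytes:
    """Constructed test fixture: `hops` pointers each aimed at the next, then 'a.'."""
    out = bytearray()
    for i in range(hops):
        target = 2 * (i + 1)
        out += bytes([0xC0 | (target >> 8), target & 0xFF])
    out += b"\x01a\x00"
    return bytes(out)


if __name__ == "__main__":
    print(decode_name(SAMPLE_PACKET, 18))          # ('printer._http._tcp.local.', 28)
    print(parse_name_or_drop(make_pointer_chain(20), 0))   # None: hop cap exceeded
```

Note the pointer cap is per name, independent of packet size: a 3 kB packet can hold hundreds of pointers, so bounding cycles and label counts alone, as the vulnerable decoder did, still leaves the chain length open. A small constant such as 16 is generous for real mDNS traffic, where a name is typically compressed with one or two hops.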

Patches

Fixed in zeroconf 0.149.5 (PR #1719). Upgrade to >= 0.149.5.

Workarounds

There is no in-process workaround; upgrading is the fix. Otherwise, restrict mDNS (UDP/5353) to trusted Layer-2 segments via AP client isolation, guest-network separation, or host firewall rules.

Resources

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-29T20:09:52Z",
    "nvd_published_at": null,
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-674"
    ]
}
References

Affected packages

PyPI / zeroconf

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.149.5

Affected versions

0.*
0.14
0.15
0.15.1
0.16.0
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
0.17.6
0.17.7
0.18.0
0.19.0
0.19.1
0.20.0
0.21.0
0.21.1
0.21.2
0.21.3
0.22.0
0.23.0
0.24.0
0.24.1
0.24.2
0.24.3
0.24.4
0.24.5
0.25.0
0.25.1
0.26.0
0.26.1
0.26.2
0.26.3
0.27.0
0.27.1
0.28.0
0.28.1
0.28.2
0.28.3
0.28.4
0.28.5
0.28.6
0.28.7
0.28.8
0.29.0
0.30.0
0.31.0
0.32.0
0.32.1
0.33.0
0.33.1
0.33.2
0.33.3
0.33.4
0.34.0
0.34.1
0.34.2
0.34.3
0.35.0
0.35.1
0.36.0
0.36.1
0.36.2
0.36.3
0.36.4
0.36.5
0.36.6
0.36.7
0.36.8
0.36.9
0.36.11
0.36.12
0.36.13
0.37.0
0.38.0
0.38.1
0.38.3
0.38.4
0.38.5
0.38.6
0.38.7
0.39.0
0.39.1
0.39.2
0.39.3
0.39.4
0.43.0
0.44.0
0.45.0
0.46.0
0.47.0
0.47.1
0.47.2
0.47.3
0.47.4
0.48.0
0.49.0
0.50.0
0.51.0
0.52.0
0.53.0
0.53.1
0.54.0
0.55.0
0.56.0
0.57.0
0.58.0
0.58.1
0.58.2
0.59.0
0.60.0
0.61.0
0.62.0
0.63.0
0.64.0
0.64.1
0.65.0
0.66.0
0.67.0
0.68.0
0.68.1
0.69.0
0.70.0
0.71.0
0.71.1
0.71.2
0.71.3
0.71.4
0.71.5
0.72.0
0.72.1
0.72.2
0.72.3
0.73.0
0.74.0
0.75.0
0.76.0
0.77.0
0.78.0
0.79.0
0.80.0
0.81.0
0.82.0
0.82.1
0.83.0
0.83.1
0.84.0
0.85.0
0.86.0
0.87.0
0.88.0
0.89.0
0.90.0
0.91.0
0.91.1
0.92.0
0.93.0
0.93.1
0.94.0
0.95.0
0.96.0
0.97.0
0.98.0
0.99.0
0.100.0
0.101.0
0.102.0
0.103.0
0.104.0
0.105.0
0.106.0
0.107.0
0.108.0
0.109.0
0.110.0
0.111.0
0.112.0
0.114.0
0.115.0
0.115.1
0.115.2
0.116.0
0.117.0
0.118.0
0.118.1
0.119.0
0.120.0
0.121.0
0.122.0
0.122.1
0.122.2
0.122.3
0.123.0
0.124.0
0.125.0
0.126.0
0.127.0
0.128.0
0.128.1
0.128.2
0.128.3
0.128.4
0.128.5
0.129.0
0.130.0
0.131.0
0.132.0
0.132.1
0.132.2
0.133.0
0.134.0
0.135.0
0.136.0
0.136.1
0.136.2
0.137.0
0.137.1
0.137.2
0.138.0
0.138.1
0.139.0
0.140.0
0.140.1
0.141.0
0.142.0
0.143.0
0.143.1
0.144.0
0.144.1
0.144.2
0.144.3
0.145.0
0.145.1
0.146.0
0.146.1
0.146.2
0.146.3
0.146.4
0.146.5
0.147.0
0.147.1
0.147.2
0.147.3
0.147.4
0.148.0
0.149.0
0.149.1
0.149.2
0.149.3
0.149.4

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-9pgc-3ccv-5297/GHSA-9pgc-3ccv-5297.json"