OESA-2026-2832

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2832
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2832.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2832
Upstream
  • CVE-2026-48487
Published
2026-07-06T06:27:10Z
Modified
2026-07-06T06:45:12.483715422Z
Summary
python-zeroconf security update
Details

Pure Python Multicast DNS Service Discovery Library (Bonjour/Avahi compatible)

Security Fix(es):

_read_character_string and _read_string in src/zeroconf/_protocol/incoming.py sliced self.data[self.offset : self.offset + length] and advanced self.offset by the declared length without checking it against self._data_len. Python's slice silently returns fewer bytes when the end index runs past the buffer, so a record whose 16-bit RDLENGTH (RFC 1035 ยง3.2.1) over-advertised by tens of kilobytes was constructed from a truncated payload, appended to DNSIncoming._answers, and committed to the cache before any later parse failure surfaced. Any unauthenticated host on the local link (UDP/5353, 224.0.0.251 / ff02::fb) can multicast a single mDNS response carrying a TXT, HINFO, or A/AAAA record that advertises rdlength=65535 and only a handful of real payload bytes; consumers calling ServiceInfo.properties then parse the truncated bytes as if they matched the wire, and downstream integrations (Home Assistant and other zeroconf-driven discovery) trust the decoded record. The bug is parser-state desync rather than RCE, but it seeds the cache with attacker-shaped key/value and address records for a TTL window and is a building block for higher-impact chains.(CVE-2026-48487)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:24.03-LTS-SP1 / python-zeroconf

Package

Name
python-zeroconf
Purl
pkg:rpm/openEuler/python-zeroconf&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.131.0-2.oe2403sp1

Ecosystem specific

{
    "src": [
        "python-zeroconf-0.131.0-2.oe2403sp1.src.rpm"
    ],
    "noarch": [
        "python-zeroconf-help-0.131.0-2.oe2403sp1.noarch.rpm",
        "python3-zeroconf-0.131.0-2.oe2403sp1.noarch.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2832.json"