CVE-2026-47184
Received Received - Intake

Memory Exhaustion in Zeroconf mDNS Service Discovery

Vulnerability report for CVE-2026-47184, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: GitHub, Inc.

Description

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache._async_add inserted every response record into cache, _expirations, _expire_heap, and service_cache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to multicast valid mDNS responses with unique names and cause memory exhaustion, slower cache lookups, slower async_expire passes, and broken discovery, registration, and ServiceBrowser callbacks. This issue is fixed in version 0.149.7.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-18
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
python-zeroconf zeroconf to 0.149.7 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-47184 is a memory exhaustion vulnerability in the python-zeroconf library affecting versions before 0.149.7. An unauthenticated attacker on the local network can send crafted mDNS responses with unique names, causing the DNSCache to grow indefinitely without bounds. This leads to memory exhaustion on devices like Raspberry Pi systems, resulting in performance degradation or crashes.

Detection Guidance

Monitor memory usage and cache growth on systems running python-zeroconf. Check for excessive mDNS traffic on UDP port 5353 using tools like tcpdump or Wireshark. Look for repeated unique mDNS responses from unauthorized hosts.

Impact Analysis

This vulnerability can cause memory exhaustion on affected systems, leading to slower performance, disrupted zeroconf services, or crashes due to out-of-memory conditions. Constrained devices like Raspberry Pi running Home Assistant are particularly vulnerable. Network-level protections like restricting mDNS traffic to trusted segments can help mitigate the risk.

Compliance Impact

This vulnerability primarily impacts availability by causing memory exhaustion on devices, which could lead to system crashes or degraded performance. While not directly violating GDPR or HIPAA, such disruptions may indirectly affect compliance by impairing systems handling sensitive data (e.g., Home Assistant on Raspberry Pi). Unbounded cache growth could also delay critical service discovery, potentially impacting data processing or access controls.

Mitigation Strategies

Upgrade python-zeroconf to version 0.149.7 or later. Restrict mDNS traffic to trusted network segments. Monitor system memory and network traffic for signs of cache flooding.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-47184. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart