Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling zeroconf is a Pure Python Multicast DNS Service Discovery Library (Bonjour/Avahi compatible) Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the `AsyncListener.handle_query_or_defer()` function. An attacker can exhaust system memory and degrade service availability by sending a flood of spoofed, truncated mDNS queries from unauthenticated hosts on the local network, causing unbounded queue growth and excessive CPU usage. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `zeroconf` to version 0.149.12 or higher.	[,0.149.12)

Allocation of Resources Without Limits or Throttling

zeroconf is a Pure Python Multicast DNS Service Discovery Library (Bonjour/Avahi compatible)

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the AsyncListener.handle_query_or_defer() function. An attacker can exhaust system memory and degrade service availability by sending a flood of spoofed, truncated mDNS queries from unauthenticated hosts on the local network, causing unbounded queue growth and excessive CPU usage.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade zeroconf to version 0.149.12 or higher.

[,0.149.12)

Go back to all versions of this package