Alerts This Week
Warning Icon 1 1,111
Alerts This Week
Warning Icon 1 1,111

openSUSE python-zeroconf Moderate DDoS LAN Memory Issue Vuln 2026-21175-1

opensuse
Calendar Grey July 1, 2026
Dist Opensuse Esm H88
This openSUSE update resolves multiple issues in python-zeroconf and includes bug fixes for improved stability.
An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.

Description

This update for python-zeroconf fixes the following issues:

Changes in python-zeroconf:

- CVE-2026-47180: zeroconf has unbounded recursion in DNS

compression-pointer decoder that allows LAN-local denial of service

(bsc#1268341)

- CVE-2026-47183: zeroconf: Unbounded exception-dedup state retains

packet buffers via traceback frame locals, enabling LAN-local memory

exhaustion (bsc#1268342)

- CVE-2026-47184: zeroconf has unbounded DNS record cache that allows

LAN-local memory exhaustion via multicast flood (bsc#1268343)

- CVE-2026-48045: python-zeroconf: Unbounded TC-deferred queue allows

LAN-local memory exhaustion via spoofed-source flood (bsc#1268388)

- CVE-2026-48487: python-zeroconf: Unvalidated rdlength in record

payload readers allows LAN-local cache corruption via crafted mDNS

packet (bsc#1268235)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

python313-zeroconf-0.136.0-bp160.2.1

References

* bsc#1268235

* bsc#1268341

* bsc#1268342

* bsc#1268343

* bsc#1268388

References:

* https://www.suse.com/security/cve/CVE-2026-47180.html

* https://www.suse.com/security/cve/CVE-2026-47183.html

* https://www.suse.com/security/cve/CVE-2026-47184.html

* https://www.suse.com/security/cve/CVE-2026-48045.html

* https://www.suse.com/security/cve/CVE-2026-48487.html

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21175-1
Rating: moderate
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here