zeroconf is vulnerable to Uncontrolled Resource Consumption
50
Medium Risk
The QuestionHistory that implements RFC 6762 duplicate-question suppression stored every distinct incoming question in an unbounded dictionary through add_question_at_time, relying only on a periodic expiry sweep to drop stale entries. An unauthenticated peer on the local link can flood the mDNS listener with distinct questions faster than the periodic cleanup runs, growing the history without bound between sweeps. On memory-constrained deployments this can exhaust process memory and cause an out-of-memory denial of service. The fix caps the history at a fixed number of entries and evicts expired or oldest entries once the cap is reached.
You are affected if you are using a version that falls within the vulnerable range.
zeroconf is vulnerable to Uncontrolled Resource Consumption in versions 0.32.0 - 0.149.8.
Upgrade the zeroconf library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant