python · zeroconf
Heads-up
zeroconf: Unbounded memory consumption in AsyncListener.handle_query_or_defer
What changed
A security vulnerability in zeroconf's AsyncListener.handle_query_or_defer allows unauthenticated local-link attackers to cause denial of service via unbounded memory consumption and CPU exhaustion.
Who it affects
All users of zeroconf prior to 0.149.12, especially those on memory-constrained devices like Home Assistant on Raspberry Pi.
What to do today
Upgrade zeroconf to version 0.149.12 or later.
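One way to check a host and its dependency pins against the fixed release named above. This is an added example, not code from the zeroconf project or from this advisory; the helper names and the sample requirement lines are constructed for illustration, and the parser assumes plain numeric releases (pre-release suffixes are ignored).

```python
import re
from importlib import metadata

FIXED = (0, 149, 12)  # first fixed release, taken from the advisory text

def release_tuple(version):
    """Parse the numeric release part: "0.149.12" -> (0, 149, 12)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad "0.149" to (0, 149, 0)

def is_affected(version):
    """True when the version is earlier than the fixed release."""
    return release_tuple(version) < FIXED

def installed_status(dist="zeroconf"):
    """Report the state of the distribution in the current interpreter's environment."""
    try:
        found = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return "not-installed"
    return f"affected ({found})" if is_affected(found) else f"fixed ({found})"

# Matches exact pins of the zeroconf distribution only (not aiozeroconf, zeroconf-foo).
PIN = re.compile(r"^\s*zeroconf(\[[^\]]*\])?\s*==\s*([0-9][\w.]*)", re.I)

def audit_pins(lines):
    """Return (line_number, version) for each exact zeroconf pin below the fix."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = PIN.match(line.split("#", 1)[0])  # drop trailing comments
        if m and is_affected(m.group(2)):
            hits.append((number, m.group(2)))
    return hits

# Constructed sample requirement lines, not taken from any real project.
SAMPLE = [
    "aiohttp==3.9.5",
    "zeroconf==0.132.2  # constructed pin",
    "zeroconf==0.149.12",
    "aiozeroconf==0.1.8",
]

if __name__ == "__main__":
    print("installed:", installed_status())
    print("affected pins:", audit_pins(SAMPLE))
```

Run it with the same interpreter the service uses (for example inside the application's virtual environment or container), since `importlib.metadata` only sees that environment.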