Vulnerability in Python-zeroconf

CVE-2026-48487

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, _read_character_string and _read_string in src/zeroconf/_protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checki…

Affected products

Weakness classification (CWE)

References