Impact "AsyncListener.handle_query_or_defer" retained every truncated (TC-bit) incoming query in "self._deferred[addr]" and armed a per-addr timer in "self._timers[addr]" that flushed the reassembled query within ~500 ms (RFC 6762 §18.5). Neither the per-addr list nor the number of distinct "addr" keys was capped, and the dedup check ("for incoming in reversed(deferred): if incoming.data == msg.data") ran O(N) over the per-addr list on every arrival. Any unauthenticated host on the local link (UDP/5353, "224.0.0.251" / "ff02::fb") can stream byte-distinct TC-flagged mDNS queries — each up to "_MAX_MSG_ABSOLUTE = 8966" bytes, with "DNSIncoming" retaining the raw "data" buffer plus parsed-record state. Trivially spoofed source IPs multiply the effect across "_deferred" / "_timers", and the O(N) data compare burns CPU quadratically as each per-addr queue grows. On memory-constrained deployments (Home Assistant on Raspberry-Pi-class hardware is the canonical victim) sustained traffic OOM-kills the process; under lighter load, the per-arrival scan and event-loop scheduler starvation break unrelated zeroconf consumers (discovery, registration, ServiceBrowser callbacks). Patches Fixed in "zeroconf" 0.149.12 ("PR #1751" (https://github.com/python-zeroconf/python-zeroconf/pull/1751)). Upgrade to ">= 0.149.12". Workarounds There is no in-process workaround; upgrading is the fix. Otherwise, restrict mDNS (UDP/5353) to trusted Layer-2 segments via AP client isolation, guest-network separation, or host firewall rules. Resources - "PR #1751" (https://github.com/python-zeroconf/python-zeroconf/pull/1751), fix - "RFC 6762 §18.5" (https://www.rfc-editor.org/rfc/rfc6762#section-18.5), "CWE-400" (https://cwe.mitre.org/data/definitions/400.html)