{
  "claim_outcome": "partial",
  "claim_block_reason": "scope_mismatch",
  "repro_result": "confirmed",
  "validated_surface": "api_remote",
  "evidence_scope": "realistic_harness",
  "claimed_impact_class": "memory_corruption",
  "observed_impact_class": "memory_corruption",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "mDNS PTR query triggering large TXT record response (300 bytes to 282-byte buffer)",
  "trigger_path": "build_txt_record() <- handle_mdns_query() <- handle_mdns_record() in src/dns.c",
  "end_to_end_target_reached": true,
  "sanitizer_used": true,
  "crash_observed": true,
  "read_write_primitive_observed": true,
  "exploit_chain_demonstrated": false,
  "blocking_mitigation": null,
  "inferred": false,
  "notes": "CVE-2026-5245 confirmed via ASAN stack-buffer-overflow in build_txt_record(). Write of 300 bytes overflows 282-byte buffer. Vulnerable: 1bb85799, fixed: 0d882f1b. Ticket surface claim (api_remote/authenticate) is incorrect - actual surface is unauthenticated UDP mDNS port 5353."
}