Another branded vulnerability receiving much more attention than it should.
It’s a bypass-type vulnerability that can’t be used by itself. Carrying out an attack requires another program that already contains a serious vulnerability: improper handling of data arriving at the socket, an authentication bypass or request-handling vulnerability, or no authentication at all.
While 0.0.0.0 is kind of special, similar to the often-overlooked port 0, this is one member of an entire family of issues, almost all of which are not even bugs and work as intended. It is a mismatch between how things are meant to work and what programmers and netops did, with browser vendors being expected to fix others’ mistakes so as not to face FUD.
A thing often missing from “0.0.0.0-day” reports is that UDP services are also potentially vulnerable due to HTTP/3. The risk is even lower than with TCP services, but can’t be ruled out.
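The point that the real flaw sits in the local service can be shown from the service side. The following is an added sketch, not code from the original post: checks a loopback-only HTTP service can run before acting on a request. The port, token, allowed origin and the name `check_request` are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlsplit

# Assumed for this sketch: the port, the names the service is meant to be
# reached by, the one web origin allowed to call it, and a per-install token.
PORT = 8731
ALLOWED_HOSTS = {f"{h}:{PORT}" for h in ("localhost", "127.0.0.1", "[::1]")}
ALLOWED_ORIGINS = {f"http://localhost:{PORT}"}
API_TOKEN = "constructed-sample-token"

def check_request(headers):
    """Return (allowed, reason) for a request to a local-only HTTP service."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    # A page fetching http://0.0.0.0:PORT/ (or a rebound DNS name) puts that
    # authority in Host, so an exact allowlist rejects it.
    if h.get("host", "").lower() not in ALLOWED_HOSTS:
        return False, "host"
    # Browsers attach Origin to cross-origin requests; clients that send none
    # (curl, a local CLI) are left to the token check below.
    origin = h.get("origin")
    if origin is not None:
        parts = urlsplit(origin)
        if f"{parts.scheme}://{parts.netloc}".lower() not in ALLOWED_ORIGINS:
            return False, "origin"
    # "No authentication at all" is what makes the bypass matter: require a
    # secret a foreign page cannot know, compared in constant time.
    scheme, _, token = h.get("authorization", "").partition(" ")
    ok = scheme.lower() == "bearer" and hmac.compare_digest(
        token.encode(), API_TOKEN.encode())
    return (True, "ok") if ok else (False, "auth")

# Constructed sample requests (not captured traffic).
GOOD = {"Host": f"127.0.0.1:{PORT}", "Authorization": f"Bearer {API_TOKEN}"}
SAMPLES = {
    "local client": GOOD,
    "page via 0.0.0.0": {**GOOD, "Host": f"0.0.0.0:{PORT}"},
    "foreign origin": {**GOOD, "Origin": "https://example.test"},
    "no token": {"Host": f"localhost:{PORT}"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:18} -> {check_request(hdrs)}")
```

A service that passes all three checks gives a browser-level bypass nothing to reach; one that skips them is exposed regardless of which address the page used.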