CVE-2016-9686

EUVD-2016-10487
The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
puppetpuppet_enterprise
2016.4.0 ≤
𝑥
< 2016.4.3
puppetpuppet_enterprise
2016.5.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
puppet
bullseye
5.5.22-2
fixed
Common Weakness Enumeration
References
https://puppet.com/security/cve/cve-2016-9686
https://puppet.com/security/cve/cve-2016-9686