CVE-2016-9686

The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
puppetCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
puppetpuppet_enterprise
2016.4.0 ≤
𝑥
< 2016.4.3
puppetpuppet_enterprise
2016.5.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
puppetpuppet
2015.3.0 ≤
𝑥
< 2015.4.0
CNA
puppetpuppet
2016.5.1.
CNA
Debian logo
Debian Releases
Debian Product
Codename
puppet
bullseye
5.5.22-2
fixed
Common Weakness Enumeration
References
https://puppet.com/security/cve/cve-2016-9686
https://puppet.com/security/cve/cve-2016-9686