CVE-2016-9686

Published: Feb 8, 2017Modified: May 13, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.

Affected (2)

Products: Puppet: Puppet Enterprise

1 product

Puppet Enterprise

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Puppet Puppet Enterprise	From 2016.4.0 to 2016.4.3
Puppet Puppet Enterprise	Version 2016.5.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://puppet.com/security/cve/cve-2016-9686

Source: security@puppet.com

Vendor Advisory

https://puppet.com/security/cve/cve-2016-9686

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.