CVE-2016-9686

The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.

Published: Feb 8, 2017
Updated: Apr 13, 2023
CVE: CVE-2016-9686
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
puppet / puppet_enterprise	2016.4.0	2016.4.3
puppet / puppet_enterprise	2016.5.1	2016.5.1.x

https://puppet.com/security/cve/cve-2016-9686

Vulnerability Database

289,697

CVE-2016-9686