CVE-2016-9686

EPSS 0.52%
Published 08.02.2017 22:59:00
Last modified 20.04.2025 01:37:25
Source security@puppet.com
Teams watchlist Login
Open Login

The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Puppet ≫ Puppet Enterprise Version >= 2016.4.0 < 2016.4.3

Puppet ≫ Puppet Enterprise Version2016.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.52%	0.642

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://puppet.com/security/cve/cve-2016-9686

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-9686

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9686

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9686

EUVD