Main Vulnerability Database Vulnerabilities #VU39671

#VU39671 Input validation error in Puppet Enterprise - CVE-2016-9686

Published: February 9, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39671

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-9686

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Puppet Enterprise

Software vendor:
Puppet Labs

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.

Remediation

Install update from vendor's website.

External links

https://puppet.com/security/cve/cve-2016-9686

#VU39671 Input validation error in Puppet Enterprise - CVE-2016-9686

Description

Remediation

External links

Please verify you're human