Low severityNVD Advisory· Published May 29, 2012· Updated Jun 16, 2026
CVE-2012-1987
CVE-2012-1987
Description
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
puppetRubyGems | >= 2.6.0, < 2.6.15 | 2.6.15 |
puppetRubyGems | >= 2.7.0, < 2.7.13 | 2.7.13 |
Affected products
1Patches
Vulnerability mechanics
References
29- projects.puppetlabs.com/issues/13552nvdBroken LinkVendor Advisory
- projects.puppetlabs.com/issues/13553nvdBroken LinkVendor Advisory
- puppetlabs.com/security/cve/cve-2012-1987/nvdBroken LinkVendor Advisory
- puppetlabs.com/security/cve/cve-2012-1987/hotfixes/nvdBroken LinkVendor Advisory
- secunia.com/advisories/48743nvdBroken LinkVendor Advisory
- secunia.com/advisories/48748nvdBroken LinkVendor Advisory
- secunia.com/advisories/48789nvdBroken LinkVendor Advisory
- secunia.com/advisories/49136nvdBroken LinkVendor Advisory
- ubuntu.com/usn/usn-1419-1nvdThird Party AdvisoryWEB
- www.debian.org/security/2012/dsa-2451nvdMailing ListThird Party AdvisoryWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/74794nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-v58w-6xc2-w799ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-1987ghsaADVISORY
- lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.htmlnvdBroken LinkWEB
- lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.htmlnvdBroken LinkWEB
- lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.htmlnvdBroken LinkWEB
- projects.puppetlabs.com/projects/1/wiki/Release_NotesnvdBroken Link
- www.osvdb.org/81308nvdBroken Link
- www.securityfocus.com/bid/52975nvdBroken Link
- github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bcghsaWEB
- github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.ymlghsaWEB
- hermes.opensuse.org/messages/14523305nvdBroken LinkWEB
- hermes.opensuse.org/messages/15087408nvdBroken LinkWEB
- web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975ghsaWEB
- web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553ghsaWEB
- web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552ghsaWEB
- web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_NotesghsaWEB
- web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987ghsaWEB
News mentions
0No linked articles in our index yet.