Medium severity5.3NVD Advisory· Published Feb 8, 2017· Updated Jun 17, 2026
CVE-2016-9686
CVE-2016-9686
Description
The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.
Affected products
5cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: >=2016.4.0,<2016.4.3
- cpe:2.3:a:puppet:puppet_enterprise:2016.5.1:*:*:*:*:*:*:*
- (no CPE)
- (no CPE)range: 2015.3.x
Patches
Vulnerability mechanics
References
1- puppet.com/security/cve/cve-2016-9686nvdVendor Advisory
News mentions
0No linked articles in our index yet.