Medium severity5.3NVD Advisory· Published Feb 8, 2017· Updated May 13, 2026

CVE-2016-9686

Description

The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.

Affected products

Puppet (software)/Puppet Enterprise2 versions
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: >=2016.4.0,<2016.4.3
- cpe:2.3:a:puppet:puppet_enterprise:2016.5.1:*:*:*:*:*:*:*
Puppet/Puppet Enterprisev5
Range: 2015.3.x

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

puppet.com/security/cve/cve-2016-9686nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000