What is CVE-2016-9686?

CVE-2016-9686 is a medium-severity vulnerability in Puppet Enterprise, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2017-02-08.

How severe is CVE-2016-9686?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Improper input validation in Puppet Enterprise

CVE-2016-9686

The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 a…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (59.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Puppet Enterprise — versions 2015.3.x, 2016.x prior to 2016.4.3, 2016.5.1.
Puppet Puppet_enterprise — versions 2016.5.1

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

security@puppet.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-9686?: CVE-2016-9686 is a medium-severity vulnerability in Puppet Enterprise, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2017-02-08.
How severe is CVE-2016-9686?: Medium severity. CVSS v3 base score is 5.3 out of 10.