cve-2016-9686
Vulnerability from cvelistv5
Published
2017-02-08 22:00
Modified
2024-08-06 02:59
Severity
Summary
The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.
References
| Source | URL | Tags |
|---|---|---|
| security@puppet.com | https://puppet.com/security/cve/cve-2016-9686 | Vendor Advisory |
Impacted products
| Vendor | Product |
|---|---|
| Puppet | Puppet Enterprise |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/cve-2016-9686"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Puppet Enterprise",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "2015.3.x"
},
{
"status": "affected",
"version": "2016.x prior to 2016.4.3"
},
{
"status": "affected",
"version": "2016.5.1."
}
]
}
],
"datePublic": "2017-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-08T21:57:01",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/cve-2016-9686"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2016-9686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Puppet Enterprise",
"version": {
"version_data": [
{
"version_value": "2015.3.x"
},
{
"version_value": "2016.x prior to 2016.4.3"
},
{
"version_value": "2016.5.1."
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/cve-2016-9686",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2016-9686"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2016-9686",
"datePublished": "2017-02-08T22:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2016-9686\",\"sourceIdentifier\":\"security@puppet.com\",\"published\":\"2017-02-08T22:59:00.730\",\"lastModified\":\"2019-07-10T15:40:36.237\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.\"},{\"lang\":\"es\",\"value\":\"El Puppet Communications Protocol (PCP) Broker valida incorrectamente tama\u00f1os de la cabecera del mensaje. Un atacante podr\u00eda utilizar \u00e9sto para bloquear el PCP Broker, evitando que se env\u00eden comandos a los agentes. \u00c9sto est\u00e1 resuelto en Puppet Enterprise 2016.4.3 y 2016.5.2.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2016.4.0\",\"versionEndExcluding\":\"2016.4.3\",\"matchCriteriaId\":\"26593001-EE83-42CF-931C-6D85510921DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puppet:puppet_enterprise:2016.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"299ACFD1-609F-42CA-B0E5-F7B54A1ACBC9\"}]}]}],\"references\":[{\"url\":\"https://puppet.com/security/cve/cve-2016-9686\",\"source\":\"security@puppet.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...