Vulnerability details: VCID-e2hf-jknj-t3e5
Vulnerability ID VCID-e2hf-jknj-t3e5
Aliases CVE-2012-1987
GHSA-v58w-6xc2-w799
Summary Puppet Denial of Service and Arbitrary File Write. A vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to **(1)** cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and `/dev/random`; or **(2)** cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a `Puppet::FileBucket::File` object" to write to arbitrary file locations.
Status Published
Exploitability None
Weighted Severity None
Risk None
Weaknesses (3)
System Score Found at
generic_textual LOW http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
generic_textual LOW http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
generic_textual LOW http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
epss 0.00763 https://api.first.org/data/v1/epss?cve=CVE-2012-1987
generic_textual LOW https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
generic_textual LOW https://github.com/advisories/GHSA-v58w-6xc2-w799
generic_textual LOW https://github.com/puppetlabs/puppet
generic_textual LOW https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
generic_textual LOW https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
generic_textual LOW https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
generic_textual LOW https://hermes.opensuse.org/messages/14523305
generic_textual LOW https://hermes.opensuse.org/messages/15087408
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2012-1987
generic_textual LOW https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
generic_textual LOW https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
generic_textual LOW https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
generic_textual LOW https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
generic_textual LOW https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
generic_textual LOW http://ubuntu.com/usn/usn-1419-1
generic_textual LOW http://www.debian.org/security/2012/dsa-2451
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json
https://api.first.org/data/v1/epss?cve=CVE-2012-1987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987
https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
https://github.com/advisories/GHSA-v58w-6xc2-w799
https://github.com/puppetlabs/puppet
https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc
https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml
https://hermes.opensuse.org/messages/14523305
https://hermes.opensuse.org/messages/15087408
https://nvd.nist.gov/vuln/detail/CVE-2012-1987
https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975
https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553
https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552
https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987
http://ubuntu.com/usn/usn-1419-1
http://www.debian.org/security/2012/dsa-2451
810070 https://bugzilla.redhat.com/show_bug.cgi?id=810070
CVE-2012-1987 https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/
GLSA-201208-02 https://security.gentoo.org/glsa/201208-02
RHSA-2012:1542 https://access.redhat.com/errata/RHSA-2012:1542
USN-1419-1 https://usn.ubuntu.com/1419-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.7371
EPSS Score 0.00763
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:40:25.185604+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v58w-6xc2-w799/GHSA-v58w-6xc2-w799.json 38.6.0