CVE-2012-4406

CWE-502 — Deserialization of Untrusted Data CWE-94 — Code Injection11 documents8 sources

Severity

9.8CRITICAL

EPSS

4.7%

top 10.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Swift Fedoraproject Fedora Redhat Enterprise Linux Server +4 more

Timeline

PublishedOct 22

Latest updateMay 17

Description

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶NVDopenstack/swift< 1.7.0

▶PyPIswift< 1.7.0

▶Debianswift< 1.4.8-2+3

▶NVDredhat/storage2.0

▶NVDredhat/gluster_storage2.0

Also affects: Fedora 16

Patches

Patch: bugs.launchpad.net ↗Patch: bugzilla.redhat.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

OpenStack Object Storage (swift) Code Injection vulnerability↗2022-05-17

▶

OSV

OpenStack Object Storage (swift) Code Injection vulnerability↗2022-05-17

▶

CVEList

CVE-2012-4406: OpenStack Object Storage (swift) before 1↗2012-10-22

▶

OSV

CVE-2012-4406: OpenStack Object Storage (swift) before 1↗2012-10-22

▶

📋Vendor Advisories

Ubuntu

OpenStack Swift vulnerabilities↗2013-06-20

▶

Red Hat

Openstack-Swift: insecure use of python pickle()↗2012-05-30

▶

Debian

CVE-2012-4406: swift - OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pic...↗2012

▶

💬Community

Bugzilla

CVE-2012-4406 Openstack-Swift: insecure use of python pickle() [epel-6]↗2012-09-12

▶

Bugzilla

CVE-2012-4406 Openstack-Swift: insecure use of python pickle() [fedora-all]↗2012-09-05

▶

Bugzilla

CVE-2012-4406 Openstack-Swift: insecure use of python pickle()↗2012-09-05

▶