CyberSec.Space Logo
Back to CVE Browser

CVE-2012-4406

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1700%
EPSS Percentile31.26th
PublishedOct 22, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Affected Platforms (CPE)

πŸ“¦
Openstack

Swift

< 1.7.0
πŸ’»
Fedoraproject

Fedora

= 16
πŸ“¦
Redhat

Gluster Storage Management Console

= 2.0
πŸ“¦
Redhat

Gluster Storage Server For On Premise

= 2.0
πŸ“¦
Redhat

Storage

= 2.0
πŸ“¦
Redhat

Storage For Public Cloud

= 2.0
πŸ’»
Redhat

Enterprise Linux Server

= 5.0
πŸ’»
Redhat

Enterprise Linux Server

= 6.0

References & Advisories

πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2012-1379.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2013-0691.html
πŸ”— http://www.openwall.com/lists/oss-security/2012/09/05/16
πŸ”— http://www.openwall.com/lists/oss-security/2012/09/05/4
πŸ”— http://www.securityfocus.com/bid/55420
πŸ”— https://bugs.launchpad.net/swift/+bug/1006414
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=854757

Related Vulnerabilities

CVE-2021-4042210.0

An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A...

CVE-2016-100749.8

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra par...

CVE-2017-166139.8

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swif...

CVE-2009-32539.3

Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or e...