CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2012-4406

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1700%
EPSS Percentile31.26th
Published2012年10月22日
Last Modified2026年4月29日

Vulnerability Description

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Affected Platforms (CPE)

📦
Openstack

Swift

< 1.7.0
💻
Fedoraproject

Fedora

= 16
📦
Redhat

Gluster Storage Management Console

= 2.0
📦
Redhat

Gluster Storage Server For On Premise

= 2.0
📦
Redhat

Storage

= 2.0
📦
Redhat

Storage For Public Cloud

= 2.0
💻
Redhat

Enterprise Linux Server

= 5.0
💻
Redhat

Enterprise Linux Server

= 6.0

References & Advisories

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html
🔗 http://rhn.redhat.com/errata/RHSA-2012-1379.html
🔗 http://rhn.redhat.com/errata/RHSA-2013-0691.html
🔗 http://www.openwall.com/lists/oss-security/2012/09/05/16
🔗 http://www.openwall.com/lists/oss-security/2012/09/05/4
🔗 http://www.securityfocus.com/bid/55420
🔗 https://bugs.launchpad.net/swift/+bug/1006414
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=854757

相關漏洞威脅

CVE-2021-4042210.0

An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A...

CVE-2016-100749.8

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra par...

CVE-2017-166139.8

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swif...

CVE-2009-32539.3

Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or e...