CVE-2012-4406

EUVD-2022-5311
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
openstackswift
𝑥
< 1.7.0
redhatgluster_storage_management_console
2.0
redhatgluster_storage_server_for_on-premise
2.0
redhatstorage
2.0
redhatstorage_for_public_cloud
2.0
redhatenterprise_linux_server
5.0
redhatenterprise_linux_server
6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
swift
bookworm
2.30.0-4
fixed
bullseye
2.26.0-10+deb11u1
fixed
bullseye (security)
2.26.0-10+deb11u1
fixed
sid
2.34.0-4
fixed
trixie
2.34.0-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
swift
hardy
dne
lucid
dne
natty
ignored
oneiric
ignored
precise
Fixed 1.4.8-0ubuntu2.2
released
quantal
not-affected
raring
not-affected
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html
http://rhn.redhat.com/errata/RHSA-2012-1379.html
http://rhn.redhat.com/errata/RHSA-2013-0691.html
http://www.openwall.com/lists/oss-security/2012/09/05/16
http://www.openwall.com/lists/oss-security/2012/09/05/4
http://www.securityfocus.com/bid/55420
https://bugs.launchpad.net/swift/+bug/1006414
https://bugzilla.redhat.com/show_bug.cgi?id=854757
https://exchange.xforce.ibmcloud.com/vulnerabilities/79140
https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a
https://launchpad.net/swift/+milestone/1.7.0
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html
http://rhn.redhat.com/errata/RHSA-2012-1379.html
http://rhn.redhat.com/errata/RHSA-2013-0691.html
http://www.openwall.com/lists/oss-security/2012/09/05/16
http://www.openwall.com/lists/oss-security/2012/09/05/4
http://www.securityfocus.com/bid/55420
https://bugs.launchpad.net/swift/+bug/1006414
https://bugzilla.redhat.com/show_bug.cgi?id=854757
https://exchange.xforce.ibmcloud.com/vulnerabilities/79140
https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a
https://launchpad.net/swift/+milestone/1.7.0