OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 01:42
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html - Mailing List | |
References | () http://rhn.redhat.com/errata/RHSA-2012-1379.html - Third Party Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2013-0691.html - Not Applicable | |
References | () http://www.openwall.com/lists/oss-security/2012/09/05/16 - Mailing List | |
References | () http://www.openwall.com/lists/oss-security/2012/09/05/4 - Mailing List | |
References | () http://www.securityfocus.com/bid/55420 - Broken Link | |
References | () https://bugs.launchpad.net/swift/+bug/1006414 - Issue Tracking, Patch | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=854757 - Issue Tracking, Patch | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/79140 - Third Party Advisory, VDB Entry | |
References | () https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a - Patch | |
References | () https://launchpad.net/swift/+milestone/1.7.0 - Release Notes |
25 Jan 2024, 02:13
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat enterprise Linux Server
Fedoraproject fedora Redhat Redhat gluster Storage Server For On-premise Redhat gluster Storage Management Console Fedoraproject Redhat storage For Public Cloud Redhat storage |
|
References | () http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html - Mailing List | |
References | () http://rhn.redhat.com/errata/RHSA-2012-1379.html - Third Party Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2013-0691.html - Not Applicable | |
References | () http://www.openwall.com/lists/oss-security/2012/09/05/16 - Mailing List | |
References | () http://www.openwall.com/lists/oss-security/2012/09/05/4 - Mailing List | |
References | () http://www.securityfocus.com/bid/55420 - Broken Link | |
References | () https://bugs.launchpad.net/swift/+bug/1006414 - Issue Tracking, Patch | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=854757 - Issue Tracking, Patch | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/79140 - Third Party Advisory, VDB Entry | |
References | () https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a - Patch | |
References | () https://launchpad.net/swift/+milestone/1.7.0 - Release Notes | |
CWE | CWE-502 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:a:openstack:swift:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.1.0:rc1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.3.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.4:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.3.0:rc1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.2.0:gamma1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.6:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.5.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.8:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.0.1:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.2.0:rc1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.1.0:rc2:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.7:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.3.0:gamma1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.2:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.1.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.1:*:*:*:*:*:*:* |
cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* |
Information
Published : 2012-10-22 23:55
Updated : 2025-04-11 00:51
NVD link : CVE-2012-4406
Mitre link : CVE-2012-4406
CVE.ORG link : CVE-2012-4406
JSON object : View
Products Affected
redhat
- gluster_storage_management_console
- storage
- enterprise_linux_server
- gluster_storage_server_for_on-premise
- storage_for_public_cloud
fedoraproject
- fedora
openstack
- swift
CWE
CWE-502
Deserialization of Untrusted Data