CVE-2012-4406
Published: Oct 22, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 55420 | vdb-entry, x_refsource_BID |
| https://launchpad.net/swift/+milestone/1.7.0 | x_refsource_CONFIRM |
| RHSA-2012:1379 | vendor-advisory, x_refsource_REDHAT |
| openstack-swift-loads-code-exec(79140) | vdb-entry, x_refsource_XF |
| https://bugs.launchpad.net/swift/+bug/1006414 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=854757 | x_refsource_MISC |
| [oss-security] 20120905 CVE-Request: openstack pickle de-serialization | mailing-list, x_refsource_MLIST |
| FEDORA-2012-15098 | vendor-advisory, x_refsource_FEDORA |
| RHSA-2013:0691 | vendor-advisory, x_refsource_REDHAT |
| [oss-security] 20120905 Re: CVE-Request: openstack pickle de-serialization | mailing-list, x_refsource_MLIST |