What is the severity of CVE-2012-4406?

CVE-2012-4406 is classified as a high-severity vulnerability due to its potential for remote code execution.

How do I fix CVE-2012-4406?

To remediate CVE-2012-4406, update the OpenStack Swift package to version 1.7.0 or later.

What is affected by CVE-2012-4406?

CVE-2012-4406 affects all versions of OpenStack Swift before 1.7.0, particularly versions 1.6.0 and earlier.

What type of vulnerability is CVE-2012-4406?

CVE-2012-4406 is a remote code execution vulnerability caused by unsafe use of the pickle module in Python.

Who reported CVE-2012-4406?

CVE-2012-4406 was reported by Sebastian Krahmer.

Vulnerability/
CVE-2012-4406

critical

9.8

CWE

94 502

5/9/2012

22/10/2012

17/5/2022

6/2/2024

CVE-2012-4406: Code Injection

First published: Wed Sep 05 2012(Updated: )

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
pip/swift	<1.7.0	1.7.0
OpenStack Swift3	<=1.6.0
OpenStack Swift3	=1.0.0
OpenStack Swift3	=1.0.1
OpenStack Swift3	=1.0.2
OpenStack Swift3	=1.1.0
OpenStack Swift3	=1.1.0-rc1
OpenStack Swift3	=1.1.0-rc2
OpenStack Swift3	=1.2.0
OpenStack Swift3	=1.2.0-gamma1
OpenStack Swift3	=1.2.0-rc1
OpenStack Swift3	=1.3.0
OpenStack Swift3	=1.3.0-gamma1
OpenStack Swift3	=1.3.0-rc1
OpenStack Swift3	=1.4.0
OpenStack Swift3	=1.4.1
OpenStack Swift3	=1.4.2
OpenStack Swift3	=1.4.3
OpenStack Swift3	=1.4.4
OpenStack Swift3	=1.4.5
OpenStack Swift3	=1.4.6
OpenStack Swift3	=1.4.7
OpenStack Swift3	=1.4.8
OpenStack Swift3	=1.5.0
OpenStack Swift3	<1.7.0
Fedora	=16
Red Hat Gluster Storage Management Console	=2.0
Red Hat Gluster Storage Server	=2.0
Red Hat Storage	=2.0
redhat Storage for public cloud	=2.0
redhat enterprise Linux server	=5.0
redhat enterprise Linux server	=6.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-4406?
CVE-2012-4406 is classified as a high-severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2012-4406?
To remediate CVE-2012-4406, update the OpenStack Swift package to version 1.7.0 or later.
What is affected by CVE-2012-4406?
CVE-2012-4406 affects all versions of OpenStack Swift before 1.7.0, particularly versions 1.6.0 and earlier.
What type of vulnerability is CVE-2012-4406?
CVE-2012-4406 is a remote code execution vulnerability caused by unsafe use of the pickle module in Python.
Who reported CVE-2012-4406?
CVE-2012-4406 was reported by Sebastian Krahmer.

agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2012-4406
agent/remedy
agent/weakness
agent/description
collector/github-advisory-latest
source/GitHub
alias/GHSA-v7mh-3jgf-r26c
agent/software-canonical-lookup
agent/last-modified-date
agent/severity
agent/references
agent/event
agent/author
collector/github-advisory
agent/trending
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
collector/nvd-cve
package-manager/pip
vendor/openstack
canonical/openstack swift3
version/openstack swift3/1.6.0
version/openstack swift3/1.0.0
version/openstack swift3/1.0.1
version/openstack swift3/1.0.2
version/openstack swift3/1.1.0
version/openstack swift3/1.1.0-rc1
version/openstack swift3/1.1.0-rc2
version/openstack swift3/1.2.0
version/openstack swift3/1.2.0-gamma1
version/openstack swift3/1.2.0-rc1
version/openstack swift3/1.3.0
version/openstack swift3/1.3.0-gamma1
version/openstack swift3/1.3.0-rc1
version/openstack swift3/1.4.0
version/openstack swift3/1.4.1
version/openstack swift3/1.4.2
version/openstack swift3/1.4.3
version/openstack swift3/1.4.4
version/openstack swift3/1.4.5
version/openstack swift3/1.4.6
version/openstack swift3/1.4.7
version/openstack swift3/1.4.8
version/openstack swift3/1.5.0
vendor/fedoraproject
canonical/fedora
version/fedora/16
vendor/redhat
canonical/red hat gluster storage management console
version/red hat gluster storage management console/2.0
canonical/red hat gluster storage server
version/red hat gluster storage server/2.0
canonical/red hat storage
version/red hat storage/2.0
canonical/redhat storage for public cloud
version/redhat storage for public cloud/2.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/5.0
version/redhat enterprise linux server/6.0

CVE-2012-4406: Code Injection

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-4406?

How do I fix CVE-2012-4406?

What is affected by CVE-2012-4406?

What type of vulnerability is CVE-2012-4406?

Who reported CVE-2012-4406?

Company

Resources

Contact