OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 01:42
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html - Mailing List | |
References | () http://rhn.redhat.com/errata/RHSA-2012-1379.html - Third Party Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2013-0691.html - Not Applicable | |
References | () http://www.openwall.com/lists/oss-security/2012/09/05/16 - Mailing List | |
References | () http://www.openwall.com/lists/oss-security/2012/09/05/4 - Mailing List | |
References | () http://www.securityfocus.com/bid/55420 - Broken Link | |
References | () https://bugs.launchpad.net/swift/+bug/1006414 - Issue Tracking, Patch | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=854757 - Issue Tracking, Patch | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/79140 - Third Party Advisory, VDB Entry | |
References | () https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a - Patch | |
References | () https://launchpad.net/swift/+milestone/1.7.0 - Release Notes |
25 Jan 2024, 02:13
Type | Values Removed | Values Added |
---|---|---|
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2013-0691.html - Not Applicable | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html - Mailing List | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2012-1379.html - Third Party Advisory | |
References | (CONFIRM) https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a - Patch | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/79140 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://launchpad.net/swift/+milestone/1.7.0 - Release Notes | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=854757 - Issue Tracking, Patch | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2012/09/05/16 - Mailing List | |
References | (BID) http://www.securityfocus.com/bid/55420 - Broken Link | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2012/09/05/4 - Mailing List | |
References | (CONFIRM) https://bugs.launchpad.net/swift/+bug/1006414 - Issue Tracking, Patch | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-502 | |
First Time |
Redhat gluster Storage Management Console
Fedoraproject fedora Fedoraproject Redhat gluster Storage Server For On-premise Redhat storage For Public Cloud Redhat Redhat storage Redhat enterprise Linux Server |
|
CPE | cpe:2.3:a:openstack:swift:1.2.0:rc1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.1:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.5:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.8:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.1.0:rc2:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.3.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.1.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.2:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.4:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.2.0:gamma1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.3.0:gamma1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.3.0:rc1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.7:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.5.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.6:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.1.0:rc1:*:*:*:*:*:* |
cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* |
Information
Published : 2012-10-22 23:55
Updated : 2024-11-21 01:42
NVD link : CVE-2012-4406
Mitre link : CVE-2012-4406
CVE.ORG link : CVE-2012-4406
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- storage_for_public_cloud
- gluster_storage_management_console
- storage
- gluster_storage_server_for_on-premise
openstack
- swift
fedoraproject
- fedora
CWE
CWE-502
Deserialization of Untrusted Data