CVE-2012-4406

Published Oct 22, 2012

Last updated 3 months ago

CVSS critical 9.8

Overview

Description: OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-502

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD5D7F7C-3474-4354-8531-CC28D6F3B635",
            "versionEndExcluding": "1.7.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0923F044-C68D-4A4A-96E1-C498F3A77C10"
          },
          {
            "criteria": "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59D47E43-886E-4114-96A2-DBE719EA3A89"
          },
          {
            "criteria": "cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52B90A04-DD6D-4AE7-A0E5-6B381127D507"
          },
          {
            "criteria": "cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0257753-51C3-45F2-BAA4-4C1F2DEAB7A6"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References