CVE-2012-4406
Published Oct 22, 2012
Last updated 10 months ago
Overview
- Description: OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
- Source: secalert@redhat.com
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
CVSS 2.0
- Type: Primary
- Base score: 7.5
- Impact score: 6.4
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-502
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD5D7F7C-3474-4354-8531-CC28D6F3B635", "versionEndExcluding": "1.7.0" }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED" }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0923F044-C68D-4A4A-96E1-C498F3A77C10" },
          { "criteria": "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59D47E43-886E-4114-96A2-DBE719EA3A89" },
          { "criteria": "cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52B90A04-DD6D-4AE7-A0E5-6B381127D507" },
          { "criteria": "cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0257753-51C3-45F2-BAA4-4C1F2DEAB7A6" },
          { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE" },
          { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0" }
        ],
        "operator": "OR"
      }
    ]
  }
]