CVE-2012-4406 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2012-4406 Interim 1 9 2024-09-10T02:30:44Z current 2021-05-30T13:06:03Z 2024-09-10T02:30:44Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2012-4406 OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE OpenStack Cloud 6 openstack-swift-2.1.0-4.1 openstack-swift-account-2.1.0-4.1 openstack-swift-container-2.1.0-4.1 openstack-swift-object-2.1.0-4.1 openstack-swift-proxy-2.1.0-4.1 python-swift-2.1.0-4.1 openstack-swift-2.1.0-4.1 as a component of SUSE OpenStack Cloud 6 openstack-swift-account-2.1.0-4.1 as a component of SUSE OpenStack Cloud 6 openstack-swift-container-2.1.0-4.1 as a component of SUSE OpenStack Cloud 6 openstack-swift-object-2.1.0-4.1 as a component of SUSE OpenStack Cloud 6 openstack-swift-proxy-2.1.0-4.1 as a component of SUSE OpenStack Cloud 6 python-swift-2.1.0-4.1 as a component of SUSE OpenStack Cloud 6 OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. CVE-2012-4406 SUSE OpenStack Cloud 6:openstack-swift-2.1.0-4.1 SUSE OpenStack Cloud 6:openstack-swift-account-2.1.0-4.1 SUSE OpenStack Cloud 6:openstack-swift-container-2.1.0-4.1 SUSE OpenStack Cloud 6:openstack-swift-object-2.1.0-4.1 SUSE OpenStack Cloud 6:openstack-swift-proxy-2.1.0-4.1 SUSE OpenStack Cloud 6:python-swift-2.1.0-4.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H