Critical severity 9.8 · NVD Advisory · Published Oct 22, 2012 · Updated Jun 16, 2026
CVE-2012-4406
Description
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| swift (PyPI) | < 1.7.0 | 1.7.0 |
Affected products
- cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
References
- bugs.launchpad.net/swift/+bug/1006414 (nvd; Issue Tracking, Patch; WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking, Patch; WEB)
- github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a (nvd; Patch; WEB)
- rhn.redhat.com/errata/RHSA-2012-1379.html (nvd; Third Party Advisory; WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/79140 (nvd; Third Party Advisory, VDB Entry; WEB)
- github.com/advisories/GHSA-v7mh-3jgf-r26c (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-4406 (ghsa; ADVISORY)
- lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html (nvd; Mailing List; WEB)
- rhn.redhat.com/errata/RHSA-2013-0691.html (nvd; Not Applicable; WEB)
- www.openwall.com/lists/oss-security/2012/09/05/16 (nvd; Mailing List; WEB)
- www.openwall.com/lists/oss-security/2012/09/05/4 (nvd; Mailing List; WEB)
- www.securityfocus.com/bid/55420 (nvd; Broken Link; WEB)
- access.redhat.com/errata/RHSA-2012:1379 (ghsa; WEB)
- access.redhat.com/errata/RHSA-2013:0691 (ghsa; WEB)
- access.redhat.com/security/cve/CVE-2012-4406 (ghsa; WEB)
- launchpad.net/swift/+milestone/1.7.0 (nvd; Release Notes; WEB)
- opendev.org/openstack/swift (ghsa; PACKAGE)
- web.archive.org/web/20130629092623/http://www.securityfocus.com/bid/55420 (ghsa; WEB)