CVE-2012-4406

NameCVE-2012-4406
DescriptionOpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs686812

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
swift (PTS)jessie2.2.0-1+deb8u1fixed
stretch2.10.2-1~deb9u1fixed
buster (security), buster, buster (lts)2.19.1-1+deb10u1fixed
bullseye (security), bullseye2.26.0-10+deb11u1fixed
bookworm2.30.0-4fixed
trixie2.34.0-4fixed
sid2.34.0-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
swiftsource(unstable)1.4.8-2686812

Search for package or bug name: Reporting problems