CVE-2012-4406

Name: CVE-2012-4406
Creator: NVD / NIST
Published: 2012-10-22T23:55:06.743+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 6.52%

Last modified Jun 16, 2026

CVE-2012-4406 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.. EPSS estimates a 6.52% chance of exploitation in the next 30 days.

Description

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

6.52%

92.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-502

Affected Software

Vendor	Product	Versions
Openstack	Swift	< 1.7.0
Fedoraproject	Fedora	16
Redhat	Gluster Storage Management Console	2.0
Redhat	Gluster Storage Server For On-Premise	2.0
Redhat	Storage	2.0
Redhat	Storage For Public Cloud	2.0
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server	6.0

References

http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.htmlMailing List
http://rhn.redhat.com/errata/RHSA-2012-1379.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0691.htmlNot Applicable
http://www.openwall.com/lists/oss-security/2012/09/05/16Mailing List
http://www.openwall.com/lists/oss-security/2012/09/05/4Mailing List
http://www.securityfocus.com/bid/55420Broken Link
https://bugs.launchpad.net/swift/+bug/1006414Issue Tracking, Patch
https://bugzilla.redhat.com/show_bug.cgi?id=854757Issue Tracking, Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/79140Third Party Advisory, VDB Entry
https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831aPatch
https://launchpad.net/swift/+milestone/1.7.0Release Notes
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.htmlMailing List
http://rhn.redhat.com/errata/RHSA-2012-1379.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0691.htmlNot Applicable
http://www.openwall.com/lists/oss-security/2012/09/05/16Mailing List
http://www.openwall.com/lists/oss-security/2012/09/05/4Mailing List
http://www.securityfocus.com/bid/55420Broken Link
https://bugs.launchpad.net/swift/+bug/1006414Issue Tracking, Patch
https://bugzilla.redhat.com/show_bug.cgi?id=854757Issue Tracking, Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/79140Third Party Advisory, VDB Entry
https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831aPatch
https://launchpad.net/swift/+milestone/1.7.0Release Notes

Timeline

Published: Oct 22, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-4406?

How severe is CVE-2012-4406?

CVE-2012-4406 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 6.52% probability of exploitation in the next 30 days.

How do I fix CVE-2012-4406?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-4406?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST