Security Bulletin: Qiskit SDK Vulnerability Allows Remote Attackers to Cause Denial of Service via Maliciously Crafted QPY File
Summary A maliciously crafted QPY file containing a malformed symengine serialization stream as part of the larger QPY serialization of a ParameterExpression object can cause a segfault within the symengine library, allowing an attacker to terminate the hosting process. Vulnerability Details...