16 matches found
CVE-2026-4870 Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.
IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser...
CVE-2026-4870
CVE-2026-4870: IBM Qiskit SDK versions 0.43.0 through 2.5.0 are affected by a recursion-related issue in the parser that can trigger a segmentation fault and cause a denial of service. Public details in NVD/CVE records confirm the affected product range and the root cause as uncontrolled deep rec...
Security Bulletin: Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.
Summary The functions qiskit.qasm2.load and qiskit.qasm2.loads may recurse too deeply and overflow the available stack space, when encountering certain classical expressions. Vulnerability Details CVEID:CVE-2026-4870 DESCRIPTION: IBM Qiskit SDK could allow an attacker to trigger a segmentation...
CVE-2025-1403
Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library...
EUVD-2025-4473
Malicious code in bioql PyPI...
EUVD-2024-1034
Malicious code in bioql PyPI...
Security Bulletin: Qiskit SDK Vulnerability Allows Remote Attackers to Cause Denial of Service via Maliciously Crafted QPY File
Summary A maliciously crafted QPY file containing a malformed symengine serialization stream as part of the larger QPY serialization of a ParameterExpression object can cause a segfault within the symengine library, allowing an attacker to terminate the hosting process. Vulnerability Details...
Security Bulletin: Arbitrary QPY Execution in Qiskit SDK QPY Deserialization < 13
Summary A maliciously crafted QPY payload can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY format versions 13. A Python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in...
CVE-2025-2000 Qiskit SDK code execution
A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats 13. A python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded ...
CVE-2025-2000 Qiskit SDK code execution
A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats 13. A python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded ...
CVE-2025-1403
Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library...
CVE-2025-1403
Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library...
CVE-2025-1403
CVE-2025-1403 affects Qiskit SDK from 0.45.0 to 1.2.4, where a malicious QPY file with a malformed symengine serialization stream can trigger a segfault in the symengine library, enabling remote denial of service. The Red Hat, OSV, and IBM advisories confirm the vulnerability and provide remediat...
CVE-2025-1403 Qiskit SDK denial of service
Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library...
CVE-2025-1403 Qiskit SDK denial of service
Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library...
PT-2025-7502 · Symengine +1 · Symengine +1
Name of the Vulnerable Software and Affected Versions: Qiskit SDK versions 0.45.0 through 1.2.4 Description: A maliciously crafted QPY file containing a malformed symengine serialization stream can cause a segfault within the symengine library, allowing an attacker to terminate the hosting proces...