
16 matches found

Vulnrichment
added 2026/06/12 8:52 p.m. · 9 views

CVE-2026-4870 Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.

IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser...

7.5 CVSS · 5.3 AI score · 0.00268 EPSS
Exploits 0 · References 1

CVE
added 2026/06/12 8:52 p.m. · 32 views

CVE-2026-4870

CVE-2026-4870: IBM Qiskit SDK versions 0.43.0 through 2.5.0 are affected by a recursion-related issue in the parser that can trigger a segmentation fault and cause a denial of service. Public details in NVD/CVE records confirm the affected product range and the root cause as uncontrolled deep rec...

7.5 CVSS · 5.3 AI score · 0.00268 EPSS
Exploits 0 · References 1 · Affected Software 1

IBM Security Bulletins
added 2026/06/12 8:51 p.m. · 6 views

Security Bulletin: Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.

Summary The functions qiskit.qasm2.load and qiskit.qasm2.loads may recurse too deeply and overflow the available stack space, when encountering certain classical expressions. Vulnerability Details CVEID:CVE-2026-4870 DESCRIPTION: IBM Qiskit SDK could allow an attacker to trigger a segmentation...

7.5 CVSS · 5.4 AI score · 0.00268 EPSS
Exploits 0 · Affected Software 1

RedhatCVE
added 2026/01/07 9:11 a.m. · 9 views

CVE-2025-1403

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library...

8.6 CVSS · 6.8 AI score · 0.0066 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-4473

Malicious code in bioql PyPI...

8.6 CVSS · 6.3 AI score · 0.0066 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-1034

Malicious code in bioql PyPI...

5.3 CVSS · 5.5 AI score · 0.00372 EPSS
Exploits 1 · References 5

IBM Security Bulletins
added 2025/04/15 3:56 a.m. · 8 views

Security Bulletin: Qiskit SDK Vulnerability Allows Remote Attackers to Cause Denial of Service via Maliciously Crafted QPY File

Summary A maliciously crafted QPY file containing a malformed symengine serialization stream as part of the larger QPY serialization of a ParameterExpression object can cause a segfault within the symengine library, allowing an attacker to terminate the hosting process. Vulnerability Details...

8.6 CVSS · 8.1 AI score · 0.0066 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/03/14 2:4 p.m. · 13 views

Security Bulletin: Arbitrary QPY Execution in Qiskit SDK QPY Deserialization < 13

Summary A maliciously crafted QPY payload can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY format versions 13. A Python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in...

9.8 CVSS · 7.4 AI score · 0.00741 EPSS
Exploits 0 · Affected Software 1

Cvelist
added 2025/03/14 1:4 p.m. · 18 views

CVE-2025-2000 Qiskit SDK code execution

A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats 13. A Python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded ...

9.8 CVSS · 0.00741 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/03/14 1:4 p.m. · 12 views

CVE-2025-2000 Qiskit SDK code execution

A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats 13. A Python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded ...

9.8 CVSS · 9.7 AI score · 0.00741 EPSS
Exploits 0 · References 1

NVD
added 2025/02/21 5:15 p.m. · 7 views

CVE-2025-1403

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library...

8.6 CVSS · 0.0066 EPSS
Exploits 0 · References 1

OSV
added 2025/02/21 5:15 p.m. · 4 views

CVE-2025-1403

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library...

8.6 CVSS · 7.2 AI score
Exploits 0 · References 1

CVE
added 2025/02/21 4:55 p.m. · 68 views

CVE-2025-1403

CVE-2025-1403 affects Qiskit SDK from 0.45.0 to 1.2.4, where a malicious QPY file with a malformed symengine serialization stream can trigger a segfault in the symengine library, enabling remote denial of service. The Red Hat, OSV, and IBM advisories confirm the vulnerability and provide remediat...

8.6 CVSS · 8.3 AI score · 0.0066 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2025/02/21 4:55 p.m. · 11 views

CVE-2025-1403 Qiskit SDK denial of service

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library...

8.6 CVSS · 0.0066 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/02/21 4:55 p.m. · 8 views

CVE-2025-1403 Qiskit SDK denial of service

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library...

8.6 CVSS · 8.3 AI score · 0.0066 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/02/21 12:0 a.m. · 3 views

PT-2025-7502 · Symengine +1

Name of the Vulnerable Software and Affected Versions: Qiskit SDK versions 0.45.0 through 1.2.4 Description: A maliciously crafted QPY file containing a malformed symengine serialization stream can cause a segfault within the symengine library, allowing an attacker to terminate the hosting proces...

8.6 CVSS · 6.3 AI score · 0.0066 EPSS
Exploits 0 · References 14