CVE-2024-29032
CVE-2024-29032 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing JSON data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. EPSS estimates a 0.37% chance of exploitation in the next 30 days.
Description
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing JSON data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| IBM | Qiskit IBM Runtime | >= 0.1.0, < 0.21.2 |
References
- https://github.com/Qiskit/qiskit-ibm-runtime/security/advisories/GHSA-x4x5-jv3x-9c7m (Exploit, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
