Vulnerability Description
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing JSON data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Qiskit IBM Runtime | >= 0.1.0, < 0.21.2 |
Related Weaknesses (CWE)
References
- https://github.com/Qiskit/qiskit-ibm-runtime/blob/16e90f475e78a9d2ae77daa139ef75... (Issue Tracking)
- https://github.com/Qiskit/qiskit-ibm-runtime/commit/b78fca114133051805d00043a404... (Issue Tracking)
- https://github.com/Qiskit/qiskit-ibm-runtime/security/advisories/GHSA-x4x5-jv3x-... (Exploit, Vendor Advisory)
FAQ
What is CVE-2024-29032?
CVE-2024-29032 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21...
How severe is CVE-2024-29032?
CVE-2024-29032 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-29032?
Version 0.21.2 contains a fix for this issue. Check the references section above for vendor advisories and patch information. Affected products include: IBM Qiskit IBM Runtime.