Lucene search

GoogleOSV:CVE-2024-29032

HistoryMar 20, 2024 - 9:15 p.m.

CVE-2024-29032

2024-03-2021:15:31

Google

osv.dev

qiskit

ibm

runtime

deserialization

vulnerability

json

data

code execution

fix

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using qiskit_ibm_runtime.RuntimeDecoder can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue.

CPENameOperatorVersion
qiskit-ibm-runtimeeq0.6.0
qiskit-ibm-runtimeeq0.1.0rc2
qiskit-ibm-runtimeeq0.9.2
qiskit-ibm-runtimeeq0.16.1
qiskit-ibm-runtimeeq0.20.0
qiskit-ibm-runtimeeq0.5.0
qiskit-ibm-runtimeeq0.8.0
qiskit-ibm-runtimeeq0.7.0rc1
qiskit-ibm-runtimeeq0.15.1
qiskit-ibm-runtimeeq0.18.0

Name	Operator	Version
qiskit-ibm-runtime	eq	0.6.0
qiskit-ibm-runtime	eq	0.1.0rc2
qiskit-ibm-runtime	eq	0.9.2
qiskit-ibm-runtime	eq	0.16.1
qiskit-ibm-runtime	eq	0.20.0
qiskit-ibm-runtime	eq	0.5.0
qiskit-ibm-runtime	eq	0.8.0
qiskit-ibm-runtime	eq	0.7.0rc1
qiskit-ibm-runtime	eq	0.15.1
qiskit-ibm-runtime	eq	0.18.0

Rows per page:

1-10 of 381

References

github.com/Qiskit/qiskit-ibm-runtime/blob/16e90f475e78a9d2ae77daa139ef750cfa84ca82/qiskit_ibm_runtime/utils/json.py#L156-L159

github.com/Qiskit/qiskit-ibm-runtime/commit/b78fca114133051805d00043a404b25a33835f4d

github.com/Qiskit/qiskit-ibm-runtime/security/advisories/GHSA-x4x5-jv3x-9c7m