CVE-2024-29032

Summary

Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using qiskit_ibm_runtime.RuntimeDecoder can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue.

Affected Software

VendorProductVersion RangeStatus
Qiskitqiskit-ibm-runtime>= 0.1.0, < 0.21.2affected

Weaknesses

  • CWE-502: CWE-502: Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References