GHSA-6m2c-76ff-6vrf

Опубликовано: 14 мар. 2025

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Qiskit allows arbitrary code execution decoding QPY format versions < 13

Impact

A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats < 13. A python process calling Qiskit's qiskit.qpy.load() function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of a specially constructed payload.

Patches

Fixed in Qiskit 1.4.2 and in Qiskit 2.0.0rc2

Ссылки

Пакеты

Наименование

qiskit-terra

pip

Затронутые версииВерсия исправления

>= 0.18.0, <= 0.46.3

Отсутствует

Наименование

qiskit

pip

Затронутые версииВерсия исправления

<= 1.4.1

1.4.2

Наименование

qiskit

pip

Затронутые версииВерсия исправления

= 2.0.0rc1

2.0.0rc2

EPSS

Процентиль: 58%

0.00372

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2025-2000

Дефекты

CWE-502

Связанные уязвимости

CVE-2025-2000

CVSS3: 9.8

nvd

11 месяцев назад

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload.

EPSS

Процентиль: 58%

0.00372

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2025-2000

Дефекты

CWE-502