Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| qiskit(PyPI) | 0.45.0 | 1.3.0 | N/A |
| qiskit-terra(PyPI) | 0.45.0 | N/A | N/A |
CVSS Metrics
