qiskit is vulnerable to Denial of Service (DoS)
75
High Risk
The OpenQASM 2 importer functions qiskit.qasm2.load and qiskit.qasm2.loads parse classical expressions with a recursive operator-precedence parser. When given a program containing deeply nested expressions, such as an arbitrarily long run of parentheses, the expression subparser recurses without bound and exhausts the native stack. This causes a stack-overflow segmentation fault that abruptly crashes the interpreter process, allowing a denial of service through crafted OpenQASM 2 input. The fix threads a recursion-depth limit derived from sys.getrecursionlimit() through the parser and raises a Python RecursionError before the stack is exhausted.
You are affected if you are using a version that falls within the vulnerable range and you parse untrusted OpenQASM 2 program text with qiskit.qasm2.load or qiskit.qasm2.loads.
qiskit is vulnerable to Denial of Service (DoS) in versions 0.43.0 - 1.4.5 and 2.0.0 - 2.4.1.
Upgrade the qiskit library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant