Lucene search
GoogleOSV:GHSA-8HQG-WHRW-PV92HistoryMay 31, 2024 - 6:30 a.m.
Ollama does not validate the format of the digest (sha256 with 64 hex digits)
2024-05-3106:30:27
Google
osv.dev
22
ollama
validate
sha256
digest
format
model path
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.
References
github.com/ollama/ollama
github.com/ollama/ollama/blob/adeb40eaf29039b8964425f69a9315f9f1694ba8/server/modelpath_test.go#L41-L58
github.com/ollama/ollama/commit/2a21363bb756a7341d3d577f098583865bd7603f
github.com/ollama/ollama/compare/v0.1.33...v0.1.34
github.com/ollama/ollama/pull/4175
nvd.nist.gov/vuln/detail/CVE-2024-37032
pkg.go.dev/vuln/GO-2024-2901
www.vicarius.io/vsociety/posts/probllama-in-ollama-a-tale-of-a-yet-another-rce-vulnerability-cve-2024-37032
Related
cvelist
cvelist
CVE-2024-37032
2024-05-31 00:00:00
veracode
veracode
Improper Input Validation
2024-06-05 06:07:39
osv
osv
CGA-hv8x-jmgj-fp3m
2024-06-21 08:04:20
wizblog
wizblog
nvd
nvd
CVE-2024-37032
2024-05-31 04:15:09
vulnrichment
vulnrichment
CVE-2024-37032
2024-05-31 00:00:00
wolfi
wolfi
CVE-2024-37032 vulnerabilities
2024-09-30 03:53:08
nuclei
nuclei
Ollama - Remote Code Execution
2024-07-08 07:39:01
github
github
githubexploit
githubexploit
Exploit for CVE-2024-37032
2024-06-26 03:11:29
Exploit for CVE-2024-37032
2024-07-10 07:24:09
cve
cve
CVE-2024-37032
2024-05-31 04:15:09
nessus
nessus
Ollama < 0.1.34 Improper Input Validation
2024-06-07 00:00:00
thn
thn
Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
2024-06-24 13:52:00