Ollama vulnerability affects model path validation
CVE-2024-37032

8.8 HIGH

Key Information:

Vendor: Ollama

Status
Vendor
CVE Published: 31 May 2024

Badges

📈 Score: 770 | 👾 Exploit Exists | 🟣 EPSS 91% | 📰 News Worthy

What is CVE-2024-37032?

CVE-2024-37032 is a vulnerability in Ollama's model path validation. Ollama is a tool for running and managing machine learning models and for integrating and deploying them within applications. The vulnerability arises because the software fails to properly validate the format of model digests when retrieving paths. Attackers could exploit this oversight to manipulate paths, potentially leading to unauthorized access and misuse of the software, which can severely compromise organizational security.

Technical Details

The vulnerability is present in versions of Ollama prior to 0.1.34. Those versions build a model path from a digest without strictly enforcing the digest format: the digest should be a sha256 hash consisting of 64 hexadecimal characters. The flaw is triggered when the model path input contains fewer or more than that number of characters, or includes malicious substrings such as `../`. Without this validation, the software may unknowingly process inputs that could execute unintended commands or access unauthorized files.
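The digest check described above, as an added Go example (not Ollama's code and not from the original page): a path builder that rejects any digest that is not exactly 64 hexadecimal characters, next to an unchecked version for contrast. The function names, the `sha256:` prefix and the `/data/blobs` directory are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// ErrInvalidDigest is returned for anything that is not a well-formed digest.
var ErrInvalidDigest = errors.New("invalid digest format")

// Assumed digest syntax: "sha256:" followed by exactly 64 hex characters.
var digestRe = regexp.MustCompile(`^sha256:[0-9a-fA-F]{64}$`)

// naiveBlobPath (hypothetical) shows the bug class: the digest is joined to
// the storage directory unchecked, so "../" segments change the directory.
func naiveBlobPath(blobsDir, digest string) string {
	return filepath.Join(blobsDir, digest)
}

// BlobPath (hypothetical) validates the digest before building the path.
func BlobPath(blobsDir, digest string) (string, error) {
	if !digestRe.MatchString(digest) {
		return "", fmt.Errorf("%w: %q", ErrInvalidDigest, digest)
	}
	p := filepath.Join(blobsDir, digest)
	// Defence in depth: the result must sit directly inside blobsDir.
	if filepath.Dir(p) != filepath.Clean(blobsDir) {
		return "", fmt.Errorf("%w: path leaves %s", ErrInvalidDigest, blobsDir)
	}
	return p, nil
}

func main() {
	hex64 := strings.Repeat("ab", 32) // constructed sample value
	for _, d := range []string{
		"sha256:" + hex64,       // well-formed
		"sha256:" + hex64[:63],  // fewer than 64 hex characters
		"sha256:" + hex64 + "0", // more than 64 hex characters
		"../manifest",           // traversal substring
	} {
		p, err := BlobPath("/data/blobs", d)
		fmt.Printf("naive=%q checked=%q err=%v\n", naiveBlobPath("/data/blobs", d), p, err)
	}
}
```

The regular expression is anchored at both ends, so a valid digest followed by extra path segments is rejected as well.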

Potential Impact of CVE-2024-37032

  1. Unauthorized Access: Exploitation of this vulnerability may allow attackers to gain unauthorized access to sensitive files and system resources, leading to data leaks or manipulation.

  2. Remote Code Execution: The flawed validation process could facilitate remote code execution, where an attacker could run arbitrary code on the server hosting Ollama, further compromising system integrity.

  3. Integration Risks: Given that Ollama is often used to deploy machine learning models, this vulnerability poses significant risks to any integrated applications, which could suffer from instability or malfunctions due to compromised model paths.

News Articles

Ollama AI Platform Flaw Let Attackers Execute Remote Code

Hackers attack AI infrastructure platforms since these systems contain a multitude of valuable data, algorithms that are sophisticated in

Researchers have identified a serious vulnerability in the open-source artificial intelligence platform Ollama

The security flaw was identified by the cloud security company Wiz.

Ollama patches critical vulnerability in open-source AI-framework

The vulnerability could leave AI inference servers open to remote code execution that would allow them to be taken over.

EPSS Score

91% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📰 First article discovered by wiz.io

  • Vulnerability published
