CVERadar

CVE-2024-37032

High Severity
SVRS: 46/100
CVSSv3: 8.8/10
EPSS: 0.91732/1

CVE-2024-37032 in Ollama before version 0.1.34 allows path traversal because the digest format used when retrieving the model path is not properly validated. Specifically, the software fails to verify that the supplied value is a well-formed SHA256 hash digest, so path requests can be mishandled. This flaw enables attackers to craft requests that bypass security checks and access unauthorized files or directories on the system.

With an SVRS of 46, this vulnerability is not considered critical at the moment. While the CVSS score is high at 8.8, the lower SVRS suggests a relatively lower risk profile compared to vulnerabilities with SVRS scores above 80. However, given that the flaw is classified as CWE-22 and is flagged 'In The Wild', organizations should monitor it and consider patching to prevent exploitation and secure their Ollama deployments against path traversal attacks. If exploited, this vulnerability could lead to data breaches or system compromise.
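The validation failure described above is easiest to see in code. The following is an added example, not Ollama's own code: a blob path resolver that trusts the client-supplied digest is shown beside one that accepts only a well-formed sha256 digest before building the path, with a containment check as defence in depth. The blob directory, function names and sample digests are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// A well-formed content digest is exactly "sha256:" followed by 64 lowercase
// hex characters; separators, dots and slashes never match and are rejected.
var digestRe = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

var (
	ErrBadDigest   = errors.New("digest is not a well-formed sha256 digest")
	ErrOutsideRoot = errors.New("resolved path escapes the blob directory")
)

// unsafeBlobPath mirrors the weak pattern behind CWE-22: the digest string is
// trusted and joined straight into the filesystem path (constructed, not Ollama's code).
func unsafeBlobPath(root, digest string) string {
	return filepath.Join(root, strings.ReplaceAll(digest, ":", "-"))
}

// safeBlobPath validates the digest format first, then confirms that the
// resolved path still lies inside root (defence in depth; the regex alone
// already rules out traversal sequences).
func safeBlobPath(root, digest string) (string, error) {
	if !digestRe.MatchString(digest) {
		return "", ErrBadDigest
	}
	p := filepath.Join(root, strings.ReplaceAll(digest, ":", "-"))
	rel, err := filepath.Rel(root, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return p, nil
}

func main() {
	root := "/var/lib/ollama/blobs" // assumed blob directory, for illustration only
	good := "sha256:" + strings.Repeat("ab", 32) // constructed, well-formed digest
	// The second and third values are constructed malformed inputs: a relative
	// path fragment and an uppercase, too-short digest.
	for _, d := range []string{good, "../outside-the-blob-dir", "sha256:ABCD"} {
		p, err := safeBlobPath(root, d)
		fmt.Printf("%-40q unsafe=%q safe=%q err=%v\n", d, unsafeBlobPath(root, d), p, err)
	}
}
```

The unchecked variant resolves the relative fragment to a path outside the blob directory, while the checked variant rejects it before any filesystem path is built.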

In The Wild
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2024-05-31
2025-03-27
SOCRadar AI Insight

Description

CVE-2024-37032 is a vulnerability in Ollama before 0.1.34 that allows an attacker to bypass the intended path validation and access arbitrary files on the system. This vulnerability has a CVSS score of 0, indicating a low severity. However, SOCRadar's SVRS assigns it a score of 62, indicating a moderate risk. This discrepancy is due to the SVRS's incorporation of additional vulnerability intelligence elements, such as social media chatter and dark web data, which suggest that this vulnerability is being actively exploited in the wild.

Key Insights

  • Exploitation in the Wild: This vulnerability is actively being exploited by hackers, making it a high-priority threat.
  • Low CVSS Score: The CVSS score of 0 may underestimate the severity of this vulnerability, as it does not fully account for the real-world exploitation risk.
  • Path Validation Bypass: This vulnerability allows attackers to bypass the intended path validation and access arbitrary files on the system, potentially leading to data theft or system compromise.
  • SVRS Score: The SVRS score of 62 indicates a moderate risk, highlighting the need for immediate action to mitigate this vulnerability.

Mitigation Strategies

  • Update Ollama: Update Ollama to version 0.1.34 or later to address this vulnerability.
  • Restrict Access: Implement access controls to limit the ability of attackers to exploit this vulnerability.
  • Monitor for Suspicious Activity: Monitor systems for suspicious activity that may indicate exploitation of this vulnerability.
  • Use a Web Application Firewall (WAF): Implement a WAF to block malicious requests that may attempt to exploit this vulnerability.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning
allhackernews.com | Ajit Jasrotia | 2024-11-04
Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. “Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including denial-of-service […] The post Critical Flaws in Ollama AI Framework Could

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool - The Hacker News
google.com | 2024-06-24
Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud security firm Wiz. Following responsible disclosure on May 5, 2024, the issue was addressed in version 0.1.34 released on May 7, 2024. Ollama is a service for packaging, deploying, running large language models (LLMs) locally on Windows, Linux, and macOS devices. At its core, the

1st July – Threat Intelligence Report - Check Point Research
2024-07-01
For the latest discoveries in cyber research for the week of 1st July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The BlackSuit ransomware group has hit South Africa’s National Health Laboratory Service (NHLS), disrupting lab result dissemination amid a Mpox outbreak. The actors have deleted system sections, including backups, forcing manual result communication. Despite the attack, labs continue processing samples, but system restoration timing is unknown. Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Wins.BlackSuite, Ransomware.Wins.BlackSuit, Ransomware_Linux_BlackSuit) TeamViewer has confirmed
Related CVEs: CVE-2024-5805, CVE-2024-5655, CVE-2024-5806, CVE-2024-37032

CVE-2024-37032 | Ollama up to 0.1.33 Digest TestGetBlobsPath path traversal
vuldb.com | 2024-07-16
A vulnerability, which was classified as problematic, has been found in Ollama up to 0.1.33. Affected by this issue is the function TestGetBlobsPath of the component Digest Handler. The manipulation leads to relative path traversal. This vulnerability is handled as CVE-2024-37032. The attack can only

Daily summary - 24.06.2024
CERT.at | 2024-06-24
End-of-Day report Timeframe: Friday 21-06-2024 18:00 - Monday 24-06-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer News Ratel RAT targets outdated Android phones in ransomware attacks An open-source Android malware named Ratel RAT is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram. [..] As for the targets, Check Point mentions successful targeting of high-profile organizations
Related CVEs: CVE-2024-37032, CVE-2024-34102

Social Media

  • Ollama, a leading provider of AI infrastructure tools, has recently faced scrutiny due to a critical Remote Code Execution (RCE) vulnerability. This vulnerability, tagged as CVE-2024-37032, allows attackers to execute arbitrary code on affected systems, posing significant https://t.co/yZCCXyLJ5H
  • A significant remote code execution vulnerability, CVE-2024-37032, has been discovered in Ollama AI's infrastructure tool. This #vulnerability exploits insufficient input validation and path traversal, allowing attackers to overwrite files and execute arbitrary code🔐💻 https://t.co/AxVvFn9A5G
  • 🚨 #CVE-2024-37032: A critical flaw in Ollama's "/api/pull" endpoint allows attackers to send malicious requests that can overwrite files on the server and can be escalated to RCE! This issue has been addressed in version 0.1.34. Upgrade now! https://t.co/42PCgMyiQL #AppSec
  • The Wiz Research team discovered an easy-to-exploit Remote Code Execution vulnerability in Ollama: CVE-2024-37032, nicknamed 'Probllama'. https://t.co/5QSAtkklSb
  • TheHackersNews: RT @TheHackersNews: 🚨 Critical security flaw (CVE-2024-37032) discovered in Ollama, an open-source AI platform, could lead to remote code e…
  • Oh gosh! Are you using Ollama? Ollama's AI infrastructure tool hit by a critical RCE flaw (CVE-2024-37032) exposing Docker deployments to remote exploitation. This path traversal vulnerability allows attackers to overwrite configuration files, leading to remote code execution. https://t.co/gqNx6umVyl
  • "Wiz Research discovered an easy-to-exploit #RemoteCodeExecution #vulnerability in #Ollama: CVE-2024-37032, dubbed “#Probllama.”" https://t.co/wRicTHwYfN
  • 💥 EXCLUSIVE: Wiz Research uncovers CVE-2024-37032, aka #Probllama — a vulnerability in @Ollama that left thousands of #AI models exposed 😲 Tune in to our new #CryingOutCloud episode to learn all about it: 🎧 https://t.co/GFv5IfE4St 🍏 https://t.co/n0iObMkpV3 https://t.co/U9tzZpbcey
  • 『in docker deployments, the API server is publicly exposed, and therefore could be exploited remotely.』 Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations https://t.co/QLkROJHzi8 iocs: https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2024-37032
  • CVE-2024-37032: Update Ollama NOW!! Something for AI companies and researchers as well.. (P.S.: Ollama is one of the most popular open-source projects for running AI Models, with over 70k stars on GitHub and hundreds of thousands of monthly pulls on Docker Hub [Source: Wiz https://t.co/Ju8ZOaL6HX

Affected Software

No affected software found for this CVE

References

  • https://github.com/ollama/ollama/blob/adeb40eaf29039b8964425f69a9315f9f1694ba8/server/modelpath_test.go#L41-L58
  • https://github.com/ollama/ollama/compare/v0.1.33...v0.1.34
  • https://github.com/ollama/ollama/pull/4175
  • https://www.vicarius.io/vsociety/posts/probllama-in-ollama-a-tale-of-a-yet-another-rce-vulnerability-cve-2024-37032

CWE Details

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside of the restricted directory.
