cve/CVE-2024-37032.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-05 10:17:57 +00:00

0xMarcio d6bcaa53f2 Update CVE sources 2024-07-25 21:25

2024-07-25 21:25:12 +00:00

973 B

Raw Permalink Blame History

CVE-2024-37032

Description

Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.

POC

Reference

https://www.vicarius.io/vsociety/posts/probllama-in-ollama-a-tale-of-a-yet-another-rce-vulnerability-cve-2024-37032

Github

https://github.com/Hatcat123/my_stars
https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/Ostorlab/KEV
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile

973 B Raw Permalink Blame History

CVE-2024-37032

Description

POC

Reference

Github

973 B

Raw Permalink Blame History