What is CVE-2024-37032?

CVE-2024-37032 is a vulnerability in N/a. Published 2024-05-31.

Is CVE-2024-37032 known to be exploited?

26 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-37032

Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an i…

EPSS: 0.937 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Bi0x/CVE-2024-37032
itzSh4dowxZ/CVE-2024-37032-PoC
pankass/CVE-2024-37032_CVE-2024-45436
ahboon/CVE-2024-37032-scanner
rapid7/metasploit-framework
Hatcat123/my_
J1ezds/Vulnerability-Wiki-page
Mr-xn/Penetration_
Ostorlab/KEV
ParisNeo/ollama_

References

github.com/ollama/ollama/pull/4175
github.com/ollama/ollama/compare/v0.1.33...v0.1.34
github.com/ollama/ollama/blob/adeb40eaf29039b8964425f69a9315f9f1694ba8/server/m…
www.vicarius.io/vsociety/posts/probllama-in-ollama-a-tale-of-a-yet-another-rce-…

Frequently asked questions

What is CVE-2024-37032?: CVE-2024-37032 is a vulnerability in N/a. Published 2024-05-31.
Is CVE-2024-37032 known to be exploited?: 26 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.