CVE-2024-37032

HIGH EXPLOITED NUCLEI

Ollama < 0.1.34 - Path Traversal

Title source: rule

Description

Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.

Exploits (4)

nomisec · WORKING POC · 51 stars
by Bi0x · poc
https://github.com/Bi0x/CVE-2024-37032

nomisec · WORKING POC · 8 stars
by pankass · poc
https://github.com/pankass/CVE-2024-37032_CVE-2024-45436

nomisec · SCANNER · 1 star
by ahboon · poc
https://github.com/ahboon/CVE-2024-37032-scanner

metasploit · WORKING POC · EXCELLENT
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ollama_rce_cve_2024_37032.rb

Nuclei Templates (1)

Ollama - Remote Code Execution
CRITICAL · VERIFIED · by kaks3c
Shodan: ollama

Scores

CVSS v3 8.8
EPSS 0.9362
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-08-22
CWE
CWE-22
Status published
Products (2)
ollama/ollama < 0.1.34
ollama/ollama 0 - 0.1.34 (Go)
Published May 31, 2024
Tracked Since Feb 18, 2026