Lucene search
GitHub Advisory DatabaseGHSA-8HQG-WHRW-PV92HistoryMay 31, 2024 - 6:30 a.m.
Ollama does not validate the format of the digest (sha256 with 64 hex digits)
2024-05-3106:30:27
GitHub Advisory Database
github.com
12
ollama
sha256 digest
mishandling
model paths
software
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.
Affected configurations
Node
github.com\/ollama\/ollamaRange<0.1.34
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/ollama/ollama | lt | 0.1.34 |
References
github.com/advisories/GHSA-8hqg-whrw-pv92
github.com/ollama/ollama/blob/adeb40eaf29039b8964425f69a9315f9f1694ba8/server/modelpath_test.go#L41-L58
github.com/ollama/ollama/commit/2a21363bb756a7341d3d577f098583865bd7603f
github.com/ollama/ollama/compare/v0.1.33...v0.1.34
github.com/ollama/ollama/pull/4175
nvd.nist.gov/vuln/detail/CVE-2024-37032
pkg.go.dev/vuln/GO-2024-2901
Related
osv
osv
CGA-hv8x-jmgj-fp3m
2024-06-21 08:04:20
nessus
nessus
Ollama < 0.1.34 Improper Input Validation
2024-06-07 00:00:00
veracode
veracode
Improper Input Validation
2024-06-05 06:07:39
cvelist
cvelist
CVE-2024-37032
1976-01-01 00:00:00
wizblog
wizblog
vulnrichment
vulnrichment
CVE-2024-37032
1976-01-01 00:00:00
nvd
nvd
CVE-2024-37032
2024-05-31 04:15:09
wolfi
wolfi
CVE-2024-37032 vulnerabilities
2024-06-27 09:08:32
cve
cve
CVE-2024-37032
2024-05-31 04:15:09
githubexploit
githubexploit
Exploit for CVE-2024-37032
2024-06-26 03:11:29
thn
thn
Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
2024-06-24 13:52:00