Security News > 2024 > June > Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
2024-06-24 13:52
Cybersecurity researchers have detailed a now-patch security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud security firm Wiz. Following responsible disclosure on May 5, 2024, the issue was addressed in version
News URL
https://thehackernews.com/2024/06/critical-rce-vulnerability-discovered.html
Related news
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- AI Vulnerability Finding (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-31 | CVE-2024-37032 | Unspecified vulnerability in Ollama Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring. | 0.0 |