Cyber Resilience

CVE-2024-37032

Severity: High · Public PoC

Published: 31 May 2024
Modified: 01 May 2025
KEV Added: not listed
Patch: 0.1.34
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9367 (99.9th percentile)
Risk Priority: 74 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-37032 is a high-severity Path Traversal (CWE-22) vulnerability in Ollama (vendor: Ollama). Its CVSS base score is 8.8 (High).

Operationally, it is ranked in the top 0.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

Ollama versions prior to 0.1.34 contain a path traversal vulnerability (CWE-22) in the handling of model digests. The code fails to enforce the expected sha256 format of exactly 64 hexadecimal digits when constructing blob paths, so inputs that contain fewer or more digits, or that begin with ../, bypass the intended restrictions (these are the cases exercised by the TestGetBlobsPath test).

An attacker with the ability to supply a crafted model path or digest can exploit the flaw to traverse directories and access or modify arbitrary files on the host. The CVSS 8.8 score reflects network-accessible attack vectors that require only low-privileged credentials and can result in full confidentiality, integrity, and availability impacts, including remote code execution in the context of the Ollama process.

The referenced GitHub pull request and version diff show that the issue was addressed by adding explicit digest-format validation in the 0.1.34 release. The comparison between v0.1.33 and v0.1.34 confirms the corrective changes were merged to reject malformed digests before path construction occurs.
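The missing check described above, as an added Go example that is not Ollama's code: a hypothetical blob-path helper that joins the digest onto the blobs directory with no format check, beside a hardened version that enforces sha256 plus exactly 64 hex digits before the path is built and then confirms the result stays under the blobs directory. The blobsDir constant, the function names and the sample inputs are assumptions for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Hypothetical blobs root for the demonstration (not Ollama's real layout).
// The "path" package is used so the result is the same on every platform.
const blobsDir = "/srv/models/blobs"

var ErrInvalidDigestFormat = errors.New("invalid digest format")

// blobPathUnchecked models the pre-fix behaviour: the digest goes straight
// into the path, so "../" segments survive and path.Join resolves them.
func blobPathUnchecked(digest string) string {
	return path.Join(blobsDir, strings.ReplaceAll(digest, ":", "-"))
}

// digestRe is the format the advisory describes: "sha256", a separator,
// then exactly 64 hexadecimal digits and nothing else.
var digestRe = regexp.MustCompile(`^sha256[:-][0-9a-fA-F]{64}$`)

// blobPathChecked rejects any digest that does not match digestRe before
// building the path, then re-checks containment as defence in depth.
func blobPathChecked(digest string) (string, error) {
	if !digestRe.MatchString(digest) {
		return "", ErrInvalidDigestFormat
	}
	p := path.Join(blobsDir, strings.ReplaceAll(digest, ":", "-"))
	if !strings.HasPrefix(p, blobsDir+"/") {
		return "", fmt.Errorf("digest %q resolves outside %s", digest, blobsDir)
	}
	return p, nil
}

func main() {
	// Constructed sample inputs: one valid digest, then the three malformed
	// shapes the advisory lists (too short, too long, leading "../").
	samples := []string{
		"sha256:" + strings.Repeat("ab", 32),
		"sha256:" + strings.Repeat("ab", 31),
		"sha256:" + strings.Repeat("ab", 33),
		"../../../etc/passwd",
	}
	for _, d := range samples {
		fmt.Printf("unchecked: %s\n", blobPathUnchecked(d))
		if p, err := blobPathChecked(d); err != nil {
			fmt.Printf("checked:   rejected (%v)\n", err)
		} else {
			fmt.Printf("checked:   %s\n", p)
		}
	}
}
```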

Ollama is widely used to run large language models locally, making the vulnerability relevant to AI/ML environments that expose the service. The associated EPSS score has remained near its peak of 0.9382 with a current value of 0.9367, indicating sustained exploitation interest following disclosure.

EU & UK References

Vulnerability details

Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: ollama
Product: ollama
Versions: ≤ 0.1.34

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Control (addresses CWE-22): validates pathnames and filenames to prevent traversal outside intended directories.

References