CVE-2024-37032: 
Wolfi vulnerability analysis and mitigation

CVE-2024-37032 is a critical remote code execution vulnerability affecting Ollama versions before 0.1.34. The vulnerability, dubbed 'Probllama', was discovered in May 2024 and stems from insufficient validation of the digest format (sha256 with 64 hex digits) when getting the model path. This affects the handling of TestGetBlobsPath test cases, particularly with inputs containing fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring (Wiz Blog, Hacker News).

The vulnerability exists in Ollama's API server where insufficient input validation leads to a path traversal vulnerability that can be exploited to overwrite arbitrary files on the server. The issue specifically affects the /api/pull endpoint, which is used to download models from registries. An attacker can exploit this by supplying a malicious manifest file containing a path traversal payload in the digest field. In Docker deployments, the vulnerability is particularly severe as the API server runs with root privileges and listens on 0.0.0.0 by default, enabling remote exploitation (Wiz Blog).

The vulnerability can lead to remote code execution, allowing attackers to take over self-hosted AI inference servers, steal or modify AI models, and compromise AI applications. The impact is particularly severe in Docker installations where the server runs with root privileges. Research indicates that as of June 2024, there were a large number of Ollama instances running vulnerable versions exposed to the internet (Wiz Blog).

Organizations should upgrade their Ollama installations to version 0.1.34 or newer to mitigate this vulnerability. Additionally, it is recommended not to expose Ollama to the internet unless protected by authentication mechanisms such as a reverse proxy. In Docker deployments, special attention should be paid to securing the API server access (Wiz Blog).

The vulnerability was responsibly disclosed to Ollama's development team in May 2024. The team demonstrated impressive response time by committing a fix within approximately 4 hours of receiving the initial report, showing strong commitment to their product's security. The patch was released in version 0.1.34 on May 8, 2024 (Wiz Blog).