CVE-2024-37032

8.8 HIGH

📋 TL;DR

This vulnerability in Ollama allows attackers to bypass path validation when retrieving model files, potentially leading to arbitrary file read or remote code execution. It affects all Ollama installations running versions before 0.1.34. The issue stems from improper validation of SHA256 digest format in model path handling.

💻 Affected Systems

Products:
  • Ollama
Versions: All versions before 0.1.34
Operating Systems: Linux, macOS, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution through path traversal leading to full system compromise, data exfiltration, or lateral movement within the network.

🟠 Likely Case

Arbitrary file read allowing access to sensitive configuration files, model data, or system information.

🟢 If Mitigated

Limited impact with proper network segmentation and minimal privileges, potentially only affecting isolated model storage.

🌐 Internet-Facing: HIGH - Ollama instances exposed to the internet are directly vulnerable to exploitation without authentication.
🏢 Internal Only: MEDIUM - Internal instances still vulnerable but require network access; risk depends on internal segmentation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in public references; exploitation requires minimal technical skill due to lack of authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.1.34

Vendor Advisory: https://github.com/ollama/ollama/releases/tag/v0.1.34

Restart Required: Yes

Instructions:

1. Stop the Ollama service.
2. Download and install Ollama 0.1.34 or later from official releases.
3. Restart the Ollama service.
4. Verify the version with 'ollama --version'.

🔧 Temporary Workarounds

Network Restriction

linux

Restrict network access to Ollama instances using firewall rules

sudo ufw deny from any to any port 11434
sudo iptables -A INPUT -p tcp --dport 11434 -j DROP

Service Isolation

all

Run Ollama in isolated container or VM with minimal privileges

docker run --rm -it -p 11434:11434 ollama/ollama:0.1.34

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Ollama instances from untrusted networks
  • Run Ollama with minimal system privileges and in read-only filesystem mode where possible

🔍 How to Verify

Check if Vulnerable:

Check the Ollama version: if it is lower than 0.1.34, the system is vulnerable

Check Version:

ollama --version

Verify Fix Applied:

Verify version is 0.1.34 or higher and test path validation with malformed digest inputs

📡 Detection & Monitoring

Log Indicators:

  • Unusual model path requests with non-standard digest formats
  • Failed path validation attempts
  • Access to files outside expected model directories

Network Indicators:

  • HTTP requests to Ollama API with malformed digest parameters
  • Unusual traffic patterns to port 11434

SIEM Query:

source="ollama.log" AND ("../" OR ("digest" AND NOT "sha256:[a-f0-9]{64}"))
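
The same two checks as the SIEM query above, run over log lines in Python. This is an added example, not Ollama's code or part of the original advisory. Assumptions: the `digest=<value>` field name and the log layout are hypothetical, and the sample lines are constructed.

```python
import re

# Strict digest form, taken from the SIEM query on this page.
VALID_DIGEST = re.compile(r"sha256:[a-f0-9]{64}")
# Assumption: the log carries the digest as a digest=<value> field.
DIGEST_FIELD = re.compile(r'digest="?([^\s"]+)')
TRAVERSAL = re.compile(r"\.\.[/\\]")


def classify(line):
    """Return the reasons a log line is suspicious (empty list means clean)."""
    reasons = []
    if TRAVERSAL.search(line):
        reasons.append("traversal-sequence")
    # fullmatch, not search: a valid prefix followed by extra characters
    # must not pass as a well-formed digest.
    if any(not VALID_DIGEST.fullmatch(v) for v in DIGEST_FIELD.findall(line)):
        reasons.append("malformed-digest")
    return reasons


def scan(lines):
    """Return (line_number, reasons) for every suspicious line."""
    hits = []
    for number, line in enumerate(lines, 1):
        reasons = classify(line)
        if reasons:
            hits.append((number, reasons))
    return hits


# Constructed sample lines; the layout is illustrative, not real Ollama output.
HEX64 = "ab" * 32
SAMPLE_LOG = [
    f'level=INFO msg="pulling layer" digest=sha256:{HEX64}',
    'level=INFO msg="pulling layer" digest=sha256:ABCDEF',
    'level=INFO msg="pulling layer" digest=../../outside-models-dir',
    'level=INFO msg="listing models"',
    f'level=INFO msg="pulling layer" digest=sha256:{HEX64}/extra',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

The fifth sample line contains a well-formed digest as a substring, so a plain substring match on the digest pattern would treat it as valid; the whole-value match flags it.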
