Ollama Patches Third RCE Bug in Three Years, All Tied to Model File Parsing
Ollama, a popular self-hosted LLM runtime, has disclosed a remote code execution vulnerability affecting all versions before 0.7.0, rooted in an out-of-bounds write flaw during MLLAMA model metadata parsing. The bug allows a crafted model file to declare a metadata array length that causes the runtime to write beyond an allocated buffer, a classic primitive for achieving code execution. This is the third RCE-class vulnerability Ollama has patched in three years, following a 2024 path-traversal flaw dubbed 'Probllama' and a ZipSlip bug in version 0.1.37, all occurring at the model-loading boundary. The most realistic attack vector involves uploading a malicious model to a public registry, where unsuspecting users running 'ollama pull' on a vulnerable build would be exposed. Users are advised to upgrade to Ollama 0.7.0 or later, which includes patched parsers that validate all length-bearing metadata fields against their allocated buffers.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in