AI/ML, Vulnerability Management

New Ollama RCE vulnerability immediately fixed

Share
Credit: Getty Images

SiliconAngle reports that updates have been released by open-source artificial intelligence infrastructure platform Ollama to address a remote code execution flaw, tracked as CVE-2024-37032, just three days after being notified by Wiz security researchers in early May.

Such a security issue, also known as "Probllama", could be leveraged to facilitate the delivery of specially crafted HTTP requests and arbitrary file overwriting, according to the Wiz report. Threat actors could also exploit the flaw, which was found across numerous internet-exposed Ollama instances, to enable complete remote code execution in Docker implementations, takeover servers, and breach hosted AI models and apps, said researchers. Organizations' security teams have been urged to ensure that their Ollama instances are on patched versions issued on May 8 or later. On the other hand, Ollama's immediate response to the vulnerability has been heralded as something that should be emulated by Big Tech firms.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.