VDB

SNYK-GOLANG-GITHUBCOMOLLAMAOLLAMASERVER-7707878

SNYK-GOLANG-GITHUBCOMOLLAMAOLLAMASERVER-7707878 PUBLISHED CVSS 6.900000095367432 MEDIUM

## Overview Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the `parseFromZipFile` function, which will copy the file in zip to a temporary directory without verifying the file path, and the file can be written to an arbitrary path. ## Details It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily. The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicous file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file: ``` +2018-04-15 22:04:29 ..... 19 19 good.txt +2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys ``` ## Remediation Upgrade `github.com/ollama/ollama/server` to version 0.1.47 or higher. ## References - [GitHub Commit](https://github.com/ollama/ollama/commit/123a722a6f541e300bc8e34297ac378ebe23f527) - [GitHub PR](https://github.com/ollama/ollama/pull/5314) - [PoC](https://gist.github.com/trganda/2affa7162a03a30a79c3f11ef09436ad) - [Vulnerable Code](https://github.com/ollama/ollama/blob/v0.1.46/server/model.go#L80C6-L80C22)

Risk Scores

CVSS 3.1
6.900000095367432
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P

Affected Products

VendorProductVersions
0

Timeline

  • Jul 1, 2024 CVE Updated
  • Aug 29, 2024 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›