CVE-2024-45436
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-45436 is a vulnerability in Ollama affecting versions prior to 0.1.47, in which ZIP archive members can be extracted outside the intended parent directory. It is rated high severity with a CVSS base score of 7.5, indicating a significant risk to confidentiality through potential unauthorized access to sensitive files. The vulnerability is exploitable over a network with low attack complexity and requires no privileges or user interaction. Remediation involves upgrading to version 0.1.47 or later, as detailed in the patches available on GitHub. Affected products are listed under identifiers such as 'yNNha6' and 'yNNhbD'. Left unaddressed, the vulnerability could lead to serious security breaches within an organization's system infrastructure.
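The containment check this class of bug is missing, as an added example (not Ollama's patch and not code from this page): each member name is resolved against the parent directory and rejected if the cleaned path leaves it. The names `safeJoin`, `sampleZip` and `audit`, the `/tmp/extract` directory and the sample member names are assumptions constructed for illustration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"path/filepath"
	"strings"
)

// safeJoin returns the extraction path for a member, or an error if it would land outside parent.
func safeJoin(parent, name string) (string, error) {
	dest := filepath.Join(parent, name) // Join also cleans ".." segments
	rel, err := filepath.Rel(parent, dest)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("member %q escapes %q", name, parent)
	}
	return dest, nil
}

// sampleZip builds a constructed in-memory archive with the given member names.
func sampleZip(names ...string) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, n := range names {
		w.Create(n) // empty member; only the name matters for this check
	}
	w.Close()
	return buf.Bytes()
}

// audit reports which members would be accepted or rejected; it writes nothing to disk.
func audit(data []byte, parent string) (accepted, rejected []string, err error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if r == nil { // a non-nil reader may still come with an insecure-path warning
		return nil, nil, err
	}
	for _, f := range r.File {
		if _, e := safeJoin(parent, f.Name); e != nil {
			rejected = append(rejected, f.Name)
			continue
		}
		accepted = append(accepted, f.Name)
	}
	return accepted, rejected, nil
}
func main() {
	ok, bad, _ := audit(sampleZip("model/config.json", "../outside.txt", "a/../../b.txt"), "/tmp/extract")
	fmt.Println("accepted:", ok, "rejected:", bad)
}
```

The check is purely lexical; an extractor that also writes symlink members needs to resolve those before trusting the joined path.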