Ollama, a widely used tool for running large language models, has been found to contain a critical Out-Of-Bounds Write vulnerability. This flaw affects all versions prior to 0.7.0 and exists due to improper validation of metadata values in model file parsing. Attackers can exploit this oversight by crafting malicious GGUF model files, leading to memory manipulation beyond allocated boundaries, thus achieving remote code execution on affected systems.
The vulnerability primarily impacts the code responsible for parsing mllama models, revealing unsafe memory operations in an earlier C++ implementation. In response, the Ollama development team has rewritten the affected code in Go in version 0.7.0 to address these security issues. Users of the platform are strongly advised to audit their deployments and ensure they are using the latest versions to protect against potential attacks using untrusted model files.
👉 Pročitaj original: Cyber Security News
