Vulnerability Change Records for CVE-2024-7773

Change History

CVE Modified by huntr.dev 4/15/2025 12:15:24 PM

Action Type Old Value New Value
Action: Changed
Type: Description
Old Value: A vulnerability in ollama/ollama version 0.1.37 allows for remote code execution (RCE) due to improper input validation in the handling of zip files. The vulnerability, known as ZipSlip, occurs in the parseFromZipFile function in server/model.go. The code does not check for directory traversal sequences (../) in file names within the zip archive, allowing an attacker to write arbitrary files to the file system. This can be exploited to create files such as /etc/ld.so.preload and a malicious shared library, leading to RCE.
New Value: Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45436. Notes: All CVE users should reference CVE-2024-45436 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage.

Action: Removed
Type: CVSS V3.1
Old Value: NIST: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Action: Removed
Type: CVSS V3
Old Value: huntr.dev: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Action: Removed
Type: CWE
Old Value: huntr.dev: CWE-20

Action: Removed
Type: CPE Configuration
Old Value: OR *cpe:2.3:a:ollama:ollama:0.1.37:*:*:*:*:*:*:*

Action: Removed
Type: Reference
Old Value: CISA-ADP: https://huntr.com/bounties/aeb82e05-484f-4431-9ede-25a3478d8dbb

Action: Removed
Type: Reference
Old Value: huntr.dev: https://github.com/ollama/ollama/commit/123a722a6f541e300bc8e34297ac378ebe23f527

Action: Removed
Type: Reference
Old Value: huntr.dev: https://huntr.com/bounties/aeb82e05-484f-4431-9ede-25a3478d8dbb

Action: Removed
Type: Reference Type
Old Value: CISA-ADP: https://huntr.com/bounties/aeb82e05-484f-4431-9ede-25a3478d8dbb Types: Exploit, Third Party Advisory

Action: Removed
Type: Reference Type
Old Value: huntr.dev: https://github.com/ollama/ollama/commit/123a722a6f541e300bc8e34297ac378ebe23f527 Types: Patch

Action: Removed
Type: Reference Type
Old Value: huntr.dev: https://huntr.com/bounties/aeb82e05-484f-4431-9ede-25a3478d8dbb Types: Exploit, Third Party Advisory

CVE Rejected by huntr.dev 4/15/2025 12:15:24 PM

Action Type Old Value New Value