Miggo Logo
Miggo Vulnerability Database
CVE-2024-45436

CVE-2024-45436: Ollama can extract members of a ZIP archive outside of the parent directory

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2024-45436
GHSA ID
GHSA-846m-99qv-67mg
EPSS Score
0.96266%
CWE
CWE-22
Published
8/29/2024
Updated
8/29/2024
KEV Status
No
Technology
TechnologyGo

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
github.com/ollama/ollamago< 0.1.470.1.47

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the original implementation of extractFromZipFile which directly used zip.File.Name without path sanitization. The commit diff shows the addition of a path validation check using strings.HasPrefix(n, p) to prevent parent directory escapes. The CVE description specifically names this function, and the patch adds both the security check and corresponding test cases to validate() the fix. The vulnerable version joined user-controlled ZIP entry names with the target directory without normalization, enabling directory traversal attacks.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

`*xtr**t*romZip*il*` in `mo**l.*o` in Oll*m* ***or* *.*.** **n *xtr**t m*m**rs o* * ZIP *r**iv* outsi** o* t** p*r*nt *ir**tory.

Reasoning

T** vuln*r**ility st*ms *rom t** ori*in*l impl*m*nt*tion o* `*xtr**t*romZip*il*` w*i** *ir**tly us** `zip.*il*.N*m*` wit*out p*t* s*nitiz*tion. T** *ommit *i** s*ows t** ***ition o* * p*t* v*li**tion ****k usin* `strin*s.**sPr**ix(n, p)` to pr*v*nt p