Security · 1h ago
Ollama's Three-Year RCE Streak: Model Parsing Flaws Persist
Ollama has suffered three remote-code-execution vulnerabilities since 2022, all from parsing untrusted model files. The latest, an out-of-bounds write in MLLAMA metadata parsing, affects all versions before 0.7.0. Attackers can exploit these flaws by uploading malicious models to public registries, enabling code execution on self-hosted runtimes.
Meridian48 take
The recurring bug class suggests a systemic failure to treat model files as untrusted input, not just data—a lesson for any fast-moving AI infrastructure project.
Read the full reporting
Ollama Model Loading RCE: Three Years of the Same Bug Class, One Self-Hosted LLM Runtime →
DEV Community
ollamarce