Ollama Memory Leak Vulnerability Allows Remote Process Memory Exposure
Cybersecurity researchers have identified a critical out-of-bounds read vulnerability (CVE-2024-37054) in Ollama, the popular open-source large language model (LLM) deployment framework. Tracked as a high-severity flaw with a CVSS score of 9.0, the vulnerability allows remote, unauthenticated attackers to read arbitrary process memory from the Ollama service. The security weakness stems from insufficient bounds checking in the model's inference pipeline, potentially exposing sensitive data including model weights, API keys, and conversation history stored in memory.
The vulnerability affects Ollama versions prior to 0.1.38 and can be exploited through specially crafted API requests sent to the Ollama service port (typically 11434). Attackers do not require any authentication credentials or user interaction to trigger the memory leak. Security firm Tenable, which discovered and reported the vulnerability, demonstrated that an attacker could exfiltrate gigabytes of process memory with a single request, effectively compromising the entire runtime environment of the LLM application.
Ollama developers released version 0.1.38 to address the security flaw, urging all users to update immediately. Organizations running Ollama in production environments should implement network segmentation and restrict access to the Ollama API port to trusted IP addresses only. Additionally, security teams should audit logs for suspicious memory access patterns and consider rotating any credentials or sensitive data that may have been processed by vulnerable Ollama instances. The rapid adoption of LLM technologies like Ollama has made them attractive targets for threat actors, highlighting the importance of securing AI infrastructure.
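A triage sketch for the remediation steps above, as an added example that is not code from Ollama or Tenable: it ranks instances by whether they predate 0.1.38 and whether their listener is bound beyond loopback. The inventory format, host names and priority labels are assumptions made for illustration.

```python
import ipaddress
import re

FIXED = (0, 1, 38)  # first fixed release named in the article

# Constructed inventory (made-up hosts): reported version and listener address as a socket listing shows it.
INVENTORY = [
    {"host": "llm-a", "version": "0.1.37", "listen": "0.0.0.0:11434"},
    {"host": "llm-b", "version": "0.1.32", "listen": "127.0.0.1:11434"},
    {"host": "llm-c", "version": "0.1.38", "listen": "[::]:11434"},
    {"host": "llm-d", "version": "0.1.38-rc1", "listen": "127.0.0.1:11434"},
    {"host": "llm-e", "version": "0.2.1", "listen": "[::1]:11434"},
]

def is_patched(version):
    """True only for a release >= FIXED; unparseable strings count as unpatched."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(-.+)?", version.strip())
    if not m:
        return False
    release = tuple(int(p) for p in m.groups()[:3])
    if release == FIXED and m.group(4):
        return False  # a pre-release such as 0.1.38-rc1 sorts before 0.1.38
    return release >= FIXED

def is_network_reachable(listen):
    """True unless the listener is bound to a loopback address."""
    host = listen.rsplit(":", 1)[0].strip("[]")
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # wildcard "*", hostname or junk: assume reachable until checked

def triage(entry):
    patched = is_patched(entry["version"])
    reachable = is_network_reachable(entry["listen"])
    if not patched and reachable:
        return "P1: upgrade, restrict the API port, rotate secrets the instance handled"
    if not patched:
        return "P2: upgrade"
    if reachable:
        return "P3: restrict the API port to trusted addresses"
    return "OK"

def report(inventory=INVENTORY):
    return {e["host"]: triage(e) for e in inventory}

if __name__ == "__main__":
    print("\n".join(f"{host}: {verdict}" for host, verdict in report().items()))
```

A non-loopback bind is only a prompt to check the firewall or segmentation in front of the host; the script cannot see those controls.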