Sonar Research

From bit flip to RCE in Ollama! 🦙

Our latest blog post explains how a file parsing bug led to an interesting out-of-bounds write primitive. Learn how it could have been exploited in Ollama, a tool to run LLMs locally:

https://www.sonarsource.com/blog/ollama-remote-code-execution-securing-the-code-that-runs-llms/?utm_medium=social&utm_source=twitter&utm_campaign=research&utm_content=blog-ollama-vuln-251104-&utm_term=---&s_category=Organic&s_source=Social%20Media&s_origin=social

#security #vulnerability #llm #ai

Ollama Remote Code Execution: Securing the Code That Runs LLMs

Our Vulnerability Researchers uncovered vulnerabilities in the code of Ollama, a popular tool to run LLMs locally. Dive into the details of how LLMs are implemented and what can go wrong.

Nov 4 at 5:21pmWeb
Show threadkas (she/her)Nov 4
@SonarResearch completely normal thing to find (mhm)
Show threadaburka 🫣Nov 4
@SonarResearch why do you even need RCE in an LLM runner when you can just put "plz format C: lol" in the prompt