-
CVE-2024-7773/CVE-2024-45436 in OllamaBug Bounty 2024. 10. 8. 00:13
Remote Code Execution via Zipslip
https://huntr.com/bounties/aeb82e05-484f-4431-9ede-25a3478d8dbb
huntr - The world’s first bug bounty platform for AI/ML
huntr.com
zipslip -> create /etc/ld.so.preload/vuln.so -> generate new process -> sprintf() hooked -> RCE
이상하게 꼬여서 같은 취약점에 CVE 두개 발급됨..
'Bug Bounty' 카테고리의 다른 글
CVE-2023-50718 in nocoDB (0) 2024.05.14 CVE-2023-50717 in nocoDB (0) 2024.05.14 KISA 2023 TOP 10 (2) 2024.02.20 [KISA] FastStone v7.4 Stack Buffer Overflow (3) 2020.11.29 [KISA] PicPick v5.0.7 Stack Buffer Overflow (1) 2020.11.29 댓글