CVE-2024-39720

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file, the attacker can crash the application through the CreateModel route, leading to a segmentation fault (signal SIGSEGV: segmentation violation).

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/ollama/ollama/compare/v0.1.45...v0.1.46#diff-782c2737eecfa83b7cb46a77c8bdaf40023e7067baccd4f806ac5517b4563131L417	Product
https://oligo.security/blog/more-models-more-probllms	Third Party Advisory Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-10-31 20:15

Updated : 2025-05-13 13:28

NVD link : CVE-2024-39720

Mitre link : CVE-2024-39720

CVE.ORG link : CVE-2024-39720

JSON object : View

Products Affected

ollama

ollama

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2024-39720", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2024-10-31T20:15:04.877", "references": [{"url": "https://github.com/ollama/ollama/compare/v0.1.45...v0.1.46#diff-782c2737eecfa83b7cb46a77c8bdaf40023e7067baccd4f806ac5517b4563131L417", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://oligo.security/blog/more-models-more-probllms", "tags": ["Third Party Advisory", "Exploit"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file, the attacker can crash the application through the CreateModel route, leading to a segmentation fault (signal SIGSEGV: segmentation violation)."}, {"lang": "es", "value": " Se descubri\u00f3 un problema en Ollama antes de la versi\u00f3n 0.1.46. Un atacante puede usar dos solicitudes HTTP para cargar un archivo GGUF malformado que contenga solo 4 bytes comenzando con el encabezado m\u00e1gico personalizado GGUF. Al aprovechar un Modelfile personalizado que incluye una declaraci\u00f3n FROM que apunta al archivo blob controlado por el atacante, el atacante puede bloquear la aplicaci\u00f3n a trav\u00e9s de la ruta CreateModel, lo que genera una segmentation fault (se\u00f1al SIGSEGV: segmentation violation)."}], "lastModified": "2025-05-13T13:28:14.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "157D4158-4457-4E02-A24C-BFFD9C2F48D6", "versionEndExcluding": "0.1.46"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}