CVE-2024-8063

HIGH7.5EPSS 0.07%

Ollama Divide by Zero Vulnerability in github.com/ollama/ollama

Published: 3/20/2025Modified: 5/21/2026

Description

A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a denial of service (DoS) condition when the server processes the model, causing it to crash.

Affected packages (3)

Go/github.com/ollama/ollamafrom 0, <= 0.3.3
Go/github.com/ollama/ollamafrom 0
PyPI/ollamafrom 0, <= 0.3.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYhttps://github.com/advisories/GHSA-2xf2-gjm6-g2c6
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-8063
EXPLOIThttps://huntr.com/bounties/fd8e1ed6-21d2-4c9e-8395-2098f11b7db9
PATCHhttps://github.com/ollama/ollama
WEBhttps://github.com/ollama/ollama/issues/8020