CVE-2024-8063

HIGH7.5EPSS 0.07%

Ollama Divide by Zero Vulnerability in github.com/ollama/ollama

發布日:2025/3/20修改日:2026/5/21

描述

A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a denial of service (DoS) condition when the server processes the model, causing it to crash.

受影響套件(3)

Go/github.com/ollama/ollamafrom 0, <= 0.3.3
Go/github.com/ollama/ollamafrom 0
PyPI/ollamafrom 0, <= 0.3.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(5)

ADVISORYhttps://github.com/advisories/GHSA-2xf2-gjm6-g2c6
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-8063
EXPLOIThttps://huntr.com/bounties/fd8e1ed6-21d2-4c9e-8395-2098f11b7db9
PATCHhttps://github.com/ollama/ollama
WEBhttps://github.com/ollama/ollama/issues/8020