CVE-2024-8063

Summary

A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for block_count in the Modelfile. This can lead to a denial of service (DoS) condition when the server processes the model, causing it to crash.

Affected Software

VendorProductVersion RangeStatus
ollamaollama/ollamaunspecified <= latestaffected

Weaknesses

  • CWE-369: CWE-369 Divide By Zero

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References