CVE-2024-39720
published 2024-10-31

Priority: P3, 45, high, 8.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS: 2.48% (82.6th percentile)

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file, the attacker can crash the application through the CreateModel route, leading to a segmentation fault (signal SIGSEGV: segmentation violation).

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| github.com | ollama_ollama | >= 0 < 0.1.46 | 0.1.46 |
| ollama | ollama | < 0.1.46 | 0.1.46 |