Endless Loop in CreateModelHandler Function Due to User-Controlled File Read
CVE-2024-39721

Currently unrated

Key Information:

Vendor: Ollama
Status: Ollama
Vendor: CVE Published:; 31 October 2024

What is CVE-2024-39721?

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely (even after the HTTP request is aborted by the client).

References

https://github.com/ollama/ollama/blob/9164b0161bcb24e543c...

https://github.com/ollama/ollama/blob/adeb40eaf29039b8964...

https://www.oligo.security/blog/more-models-more-probllms

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2024