Divide by Zero Vulnerability in Ollama Product by Ollama
CVE-2024-8063
7.5HIGH
What is CVE-2024-8063?
A divide by zero vulnerability has been identified in the Ollama product version v0.3.3. This issue arises during the import of GGUF models with a specifically crafted type for the block_count
in the Modelfile. When the server attempts to process such a model, it can lead to a denial of service condition, causing the server to crash and making the service unavailable to users.
Affected Version(s)
ollama/ollama <= unspecified
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
CVSS V3.0
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved