CVE-2024-8063 — Ollama Divide by Zero Vulnerability in github.com/ollama/ollama

Description

A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a denial of service (DoS) condition when the server processes the model, causing it to crash.

How to fix CVE-2024-8063

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

—no fix listed
—no fix listed
—no fix listed

Is CVE-2024-8063 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, <= 0.3.3
from 0
from 0, <= 0.3.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (6)

ADVISORYgithub.com/advisories/GHSA-2xf2-gjm6-g2c6
ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-8063
EXPLOIThuntr.com/bounties/fd8e1ed6-21d2-4c9e-8395-2098f11b7db9
PATCHgithub.com/ollama/ollama
WEB