CVE-2024-39721
Severity
HIGH
ollama < 0.1.34 - Denial of Service via /dev/random Path Handling
Title source: llmDescription
An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file to completion. The req.Path parameter is user-controlled and can be set to /dev/random, a blocking device, so the read never finishes and the goroutine runs indefinitely (even after the client aborts the HTTP request).
References (3)
Product
https://github.com/ollama/ollama/blob/9164b0161bcb24e543cba835a8863b80af2c0c21/server/routes.go#L557
Product
https://github.com/ollama/ollama/blob/adeb40eaf29039b8964425f69a9315f9f1694ba8/server/routes.go#L536
Exploit, Third Party Advisory
https://www.oligo.security/blog/more-models-more-probllms
Scores
CVSS v3
7.5
EPSS
0.0268
EPSS Percentile
83.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-404
Status
published
Products (1)
ollama/ollama
< 0.1.34
Published
Oct 31, 2024
Tracked Since
Feb 18, 2026