x/vulndb: potential Go vuln in github.com/ollama/ollama: GHSA-2xf2-gjm6-g2c6 #3689

Open
@GoVulnBot

Advisory GHSA-2xf2-gjm6-g2c6 references a vulnerability in the following Go modules:

Module
github.com/ollama/ollama

Description:
A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for block_count in the Modelfile. This can lead to a denial of service (DoS) condition when the server processes the model, causing it to crash.

References:

Cross references:

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/ollama/ollama
      vulnerable_at: 0.7.0
summary: Ollama Divide by Zero Vulnerability in github.com/ollama/ollama
cves:
    - CVE-2024-8063
ghsas:
    - GHSA-2xf2-gjm6-g2c6
references:
    - advisory: https://github.com/advisories/GHSA-2xf2-gjm6-g2c6
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-8063
    - report: https://github.com/ollama/ollama/issues/8020
    - web: https://huntr.com/bounties/fd8e1ed6-21d2-4c9e-8395-2098f11b7db9
source:
    id: GHSA-2xf2-gjm6-g2c6
    created: 2025-05-15T18:01:33.93856887Z
review_status: UNREVIEWED

Labels: high priority, triaged, waiting (the issue is waiting for additional information from an external source)
