Login Sign Up

CVE-2024-8063

7.5 HIGH
Denial of Service

📋 TL;DR

A divide-by-zero vulnerability in ollama/ollama v0.3.3 allows attackers to cause denial of service by importing malicious GGUF models with crafted block_count values. This affects anyone running vulnerable ollama servers that process untrusted model files. The server crashes when processing the malicious model, disrupting AI inference services.

💻 Affected Systems

Products:
  • ollama/ollama
Versions: v0.3.3
Operating Systems: All platforms running ollama
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable when importing GGUF models via Modelfile. Only affects servers that process untrusted or malicious model files.

📦 What is this software?

Ollama by Ollama

View all CVEs affecting Ollama →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage of ollama server, disrupting all AI model inference capabilities and potentially affecting dependent applications.

🟠

Likely Case

Server crash requiring manual restart, causing temporary service disruption until recovery.

🟢

If Mitigated

No impact if models are validated before import or from trusted sources only.

🌐 Internet-Facing: MEDIUM - Requires model import capability and processing of malicious files, but could be exploited if server accepts external model uploads.
🏢 Internal Only: LOW - Lower risk if models come from trusted internal sources and import controls are in place.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting a malicious GGUF model file with specific block_count values and convincing the server to import it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.3.4 or later

Vendor Advisory: https://github.com/ollama/ollama/security/advisories/GHSA-xxxx-xxxx-xxxx

Restart Required: No

Instructions:

1. Update ollama to v0.3.4 or later using your package manager. 2. For manual install: Download latest release from GitHub. 3. Replace existing binary. 4. No restart needed for patch application.

🔧 Temporary Workarounds

Restrict model imports

all

Only import models from trusted, verified sources. Implement validation for GGUF files before processing.

Network segmentation

all

Isolate ollama servers from untrusted networks and restrict model upload capabilities.

🧯 If You Can't Patch

  • Implement strict model validation: reject GGUF files with suspicious block_count values before processing.
  • Monitor server logs for crash events and implement automated restart mechanisms for resilience.

🔍 How to Verify

Check if Vulnerable:

Check ollama version: ollama --version. If output shows v0.3.3, system is vulnerable.

Check Version:

ollama --version

Verify Fix Applied:

After update, run ollama --version and confirm version is v0.3.4 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Server crash logs with divide-by-zero errors
  • Unexpected termination of ollama process
  • Error messages related to GGUF model parsing

Network Indicators:

  • Sudden drop in ollama service availability
  • Failed model import requests

SIEM Query:

process:ollama AND (event:crash OR error:"divide by zero" OR error:GGUF)

📊 Metadata

CVE ID: CVE-2024-8063
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-369
EPSS Score: 0.25% exploit probability (48.1th percentile)
Published: March 20, 2025
Last Updated: May 13, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-8063, you might also want to check these:

CVE-2021-32494 10.0

CVE-2021-32494 is a division by zero vulnerability in Radare2's Mach-O parser that allows attackers ...

Same vulnerability type (CWE-369)
CVE-2020-20892 8.8

A division by zero vulnerability in FFmpeg's lens correction filter allows attackers to cause denial...

Same vulnerability type (CWE-369)
CVE-2023-3896 7.8

This vulnerability is a divide-by-zero error in Vim text editor versions 9.0.1367-1 through 9.0.1367...

Same vulnerability type (CWE-369)