AI Threat Alert

CVE-2024-39721

HIGH
Published October 31, 2024

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random,...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package Ecosystem Vulnerable Range Patched
ollama pip No patch

Do you use ollama? You're affected.

Severity & Risk

CVSS 3.1
7.5 / 10
EPSS
N/A
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely (even after the HTTP request is aborted by the client).

Weaknesses (CWE)

CWE-404

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Timeline

Published
October 31, 2024
Last Modified
May 13, 2025
First Seen
October 31, 2024
Back to Threat Feed