CVE-2024-39720
Description
Ollama before 0.1.46 allows an unauthenticated attacker to cause a denial of service via crafted GGUF file and Modelfile, leading to a segmentation fault.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability overview
Ollama versions prior to 0.1.46 contain an out-of-bounds read vulnerability (CWE-125) in the handling of GGUF model files. An attacker can exploit this by sending two HTTP requests: first to upload a malformed GGUF file containing only 4 bytes starting with the custom magic header, and second to create a model using a Modelfile that references the attacker-controlled blob via a FROM statement. This triggers a segmentation fault (signal SIGSEGV) in the CreateModel route, resulting in a denial of service [1][2].
Exploitation conditions
No authentication is required to trigger the vulnerability. The attacker only needs network access to an Ollama server. The exploit leverages the standard HTTP API endpoints used for uploading files and creating models. The root cause is insufficient validation of GGUF file contents before attempting to parse them, leading to an out-of-bounds read when the parser encounters the truncated data [1][2].
Impact
Successful exploitation causes the Ollama application to crash due to a segmentation violation. This constitutes a denial of service, making the AI model serving functionality unavailable until the service is manually restarted. The Ollama project is widely used in enterprise environments for local inference, and such crashes can disrupt productivity [1][3].
Mitigation
The vulnerability is patched in Ollama version 0.1.46. Users should upgrade to this version or later to prevent exploitation. There is no known workaround. The fix addresses the GGUF parsing logic to properly handle malformed files [4].
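The kind of up-front length check the fix describes, written here as an added example in Go (it is not Ollama's code and does not reproduce its parser): the fixed GGUF v2/v3 header is read only after the blob is known to be long enough, so a blob consisting of just the four magic bytes is rejected with an error rather than read out of bounds. The header layout follows the public GGUF format; the minimum per-entry sizes used in the plausibility check are assumptions.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// Fixed GGUF v2/v3 header, little-endian: "GGUF", uint32 version, uint64 tensor count, uint64 KV count.
const ggufHeaderSize = 4 + 4 + 8 + 8
// Assumed minimum on-disk sizes: KV entry (uint64 key len + uint32 type), tensor info (name len + n_dims + type + offset).
const minKVBytes, minTensorBytes = 8 + 4, 8 + 4 + 4 + 8
var (
	ErrTruncated   = errors.New("gguf: blob shorter than the fixed header")
	ErrBadMagic    = errors.New("gguf: bad magic")
	ErrBadVersion  = errors.New("gguf: unsupported version")
	ErrImplausible = errors.New("gguf: declared counts exceed blob size")
)
type GGUFHeader struct {
	Version    uint32
	NumTensors uint64
	NumKV      uint64
}

// ParseGGUFHeader bounds-checks the blob before reading any field, so a blob holding
// only the 4 magic bytes (the case in this CVE) returns ErrTruncated instead of crashing.
func ParseGGUFHeader(blob []byte) (GGUFHeader, error) {
	if len(blob) < ggufHeaderSize {
		return GGUFHeader{}, fmt.Errorf("%w: %d bytes, need %d", ErrTruncated, len(blob), ggufHeaderSize)
	}
	if !bytes.Equal(blob[:4], []byte("GGUF")) {
		return GGUFHeader{}, ErrBadMagic
	}
	h := GGUFHeader{
		Version:    binary.LittleEndian.Uint32(blob[4:8]),
		NumTensors: binary.LittleEndian.Uint64(blob[8:16]),
		NumKV:      binary.LittleEndian.Uint64(blob[16:24]),
	}
	if h.Version != 2 && h.Version != 3 { // v1 used uint32 counts, so this layout does not apply
		return h, fmt.Errorf("%w: %d", ErrBadVersion, h.Version)
	}
	rest := uint64(len(blob) - ggufHeaderSize) // divide first so huge counts cannot overflow
	if h.NumKV > rest/minKVBytes || h.NumTensors > rest/minTensorBytes ||
		h.NumKV*minKVBytes+h.NumTensors*minTensorBytes > rest {
		return h, ErrImplausible
	}
	return h, nil
}
```

Calling ParseGGUFHeader on the constructed four-byte blob []byte("GGUF") returns ErrTruncated; the same check belongs before any other field of a blob is dereferenced.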
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/ollama/ollama (Go) | < 0.1.46 | 0.1.46 |
Affected products
- pkg:golang/github.com/ollama/ollama (no CPE): < 0.1.46
- pkg:rpm/opensuse/govulncheck-vulndb, openSUSE Leap 15.5 (no CPE): < 0.0.20241104T154416-150000.1.12.1
- pkg:rpm/opensuse/govulncheck-vulndb, openSUSE Leap 15.6 (no CPE): < 0.0.20241104T154416-150000.1.12.1
- pkg:rpm/opensuse/govulncheck-vulndb, openSUSE Tumbleweed (no CPE): < 0.0.20241101T215616-1.1
- pkg:rpm/suse/govulncheck-vulndb, SUSE Linux Enterprise Module for Package Hub 15 SP5 (no CPE): < 0.0.20241104T154416-150000.1.12.1
- pkg:rpm/suse/govulncheck-vulndb, SUSE Linux Enterprise Module for Package Hub 15 SP6 (no CPE): < 0.0.20241104T154416-150000.1.12.1
- pkg:rpm/suse/govulncheck-vulndb, SUSE Package Hub 12 (no CPE): < 0.0.20241104T154416-5.1
Patches
- 1cb42e607c5cf
References
- github.com/advisories/GHSA-95j2-w8x7-hm88 (source: GHSA; advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-39720 (source: GHSA; advisory)
- github.com/ollama/ollama/compare/v0.1.45...v0.1.46 (source: GHSA; web)
- oligo.security/blog/more-models-more-probllms (source: GHSA; web)
- oligosecurity.webflow.io/blog/more-models-more-probllms (source: GHSA; web)
- pkg.go.dev/vuln/GO-2024-3245 (source: GHSA; web)