VYPR
Unrated severityNVD Advisory· Published Oct 31, 2024· Updated Nov 1, 2024

CVE-2024-39721

CVE-2024-39721

Description

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely (even after the HTTP request is aborted by the client).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Ollama/Ollamacpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <0.1.34

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.