x/vulndb: potential Go vuln in github.com/ollama/ollama: GHSA-2xf2-gjm6-g2c6 #3689

Open
GoVulnBot opened this issue May 15, 2025 · 2 comments
Labels
high priority triaged waiting the issue is waiting for additional information from an external source

Comments

@GoVulnBot

Advisory GHSA-2xf2-gjm6-g2c6 references a vulnerability in the following Go modules:

Module
github.com/ollama/ollama

Description:
A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for block_count in the Modelfile. This can lead to a denial of service (DoS) condition when the server processes the model, causing it to crash.

References:

Cross references:

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/ollama/ollama
      vulnerable_at: 0.7.0
summary: Ollama Divide by Zero Vulnerability in github.com/ollama/ollama
cves:
    - CVE-2024-8063
ghsas:
    - GHSA-2xf2-gjm6-g2c6
references:
    - advisory: https://github.com/advisories/GHSA-2xf2-gjm6-g2c6
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-8063
    - report: https://github.com/ollama/ollama/issues/8020
    - web: https://huntr.com/bounties/fd8e1ed6-21d2-4c9e-8395-2098f11b7db9
source:
    id: GHSA-2xf2-gjm6-g2c6
    created: 2025-05-15T18:01:33.93856887Z
review_status: UNREVIEWED

@thatnealpatel added high priority triaged waiting the issue is waiting for additional information from an external source and removed NeedsTriage labels May 15, 2025
@thatnealpatel
Member

Advisory lists no fix.

@gopherbot
Contributor

Change https://go.dev/cl/673316 mentions this issue: data/reports: add GO-2025-3689

gopherbot pushed a commit that referenced this issue May 15, 2025
  - data/reports/GO-2025-3689.yaml

Updates #3689

Change-Id: I8c32e3413fc52dff4c8e4bff0cf449b13b04cadd
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/673316
Auto-Submit: Neal Patel <nealpatel@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>