216.73.217.50

CVE-2024-39721

· Published 31/10/2024 20:15 · Modified 01/11/2024 16:35

Labels: CVE-2024-39721 2024-10-31CVE-2024-39721CWE-404[email protected]

Essential information

Published
31/10/2024 20:15
Modified
01/11/2024 16:35
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely (even after the HTTP request is aborted by the client).

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References