Cyber Resilience

CVE-2024-39720

HighPublic PoC

Published: 31 October 2024

Published
31 October 2024
Modified
13 May 2025
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS Score 0.0029 52.4th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-39720 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Ollama Ollama. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083); ranked in the top 47.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other Platforms; in the LLM/Generative AI Risks risk domain; MITRE ATLAS techniques in scope: External Harms (AML.T0048).

EU & UK References

Vulnerability details

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a…

more

FROM statement pointing to the attacker-controlled blob file, the attacker can crash the application through the CreateModel route, leading to a segmentation fault (signal SIGSEGV: segmentation violation).

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Ollama is an open-source platform/framework for running large language models (LLMs) locally, supporting inference on CPUs/GPUs, with APIs for model management (pull/push/create). The vulnerability involves malformed GGUF model files (LLM format) causing DoS during model creation/loading.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1567 Exfiltration Over Web Service Exfiltration
Adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command and control channel.
Why these techniques?

CVE-2024-39720 and CVE-2024-39721 enable DoS via application exploitation (crashes, out-of-bounds, loops); CVE-2024-39719/39722 enable file/directory discovery via disclosures/path traversal; shadow vulns allow unverified model pull (ingress tool transfer) and unauthorized model push (exfiltration over web service).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0048: External Harms

Affected Assets

ollama
ollama
≤ 0.1.46

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References