CVE-2024-39720
Published: 31 October 2024
Summary
CVE-2024-39720 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Ollama. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083). The CVE ranks in the top 47.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
This vulnerability is AI-related: it is categorised as Other Platforms, falls in the LLM/Generative AI Risks risk domain, and has the MITRE ATLAS technique External Harms (AML.T0048) in scope.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-3003
Vulnerability details
An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file, the attacker can crash the application through the CreateModel route, leading to a segmentation fault (signal SIGSEGV: segmentation violation).
- CWE(s)
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Ollama is an open-source platform/framework for running large language models (LLMs) locally, supporting inference on CPUs/GPUs, with APIs for model management (pull/push/create). The vulnerability involves malformed GGUF model files (LLM format) causing DoS during model creation/loading.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2024-39720 and CVE-2024-39721 enable DoS via application exploitation (crashes, out-of-bounds, loops); CVE-2024-39719 and CVE-2024-39722 enable file/directory discovery via disclosures and path traversal; the shadow vulnerabilities allow unverified model pull (ingress tool transfer) and unauthorized model push (exfiltration over web service).
MITRE ATLAS Techniques
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.