Cyber Resilience

CVE-2024-39721

HighPublic PoC

Published: 31 October 2024

Published
31 October 2024
Modified
13 May 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0021 43.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-39721 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Ollama Ollama. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083); ranked at the 43.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other Platforms; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: External Harms (AML.T0048).

EU & UK References

Vulnerability details

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely (even…

more

after the HTTP request is aborted by the client).

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Ollama is an open-source platform/framework for running LLMs locally or in cloud, providing APIs for model management (create, push, pull) and inference, fitting 'Other Platforms' as an AI model serving and deployment platform.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.003 Application Exhaustion Flood Impact
Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
T1567 Exfiltration Over Web Service Exfiltration
Adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command and control channel.
Why these techniques?

Path traversal and file existence disclosures enable file/directory discovery (T1083). DoS via infinite loops, crashes, and malformed inputs facilitate application exhaustion and exploitation (T1499.003, T1499.004). Vulnerabilities are exploitable remotely via public-facing Ollama API (T1190). Unauthorized model push enables exfiltration over web service (T1567).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0048: External Harms

Affected Assets

ollama
ollama
≤ 0.1.34

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-404

Contingency plan updates incorporate proper resource shutdown and release steps, preventing attackers from leveraging incomplete cleanup during recovery scenarios.

addresses: CWE-404

Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release.

addresses: CWE-404

Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects.

addresses: CWE-404

Procedures can mandate orderly shutdown or release of resources when failures occur, preventing improper resource handling after a fault.

References