CVE-2024-39720 is a vulnerability identified in the Ollama software prior to version 0.1.46. The flaw arises from insufficient validation and handling of GGUF files uploaded via HTTP requests. An attacker can exploit this by sending two HTTP requests: the first uploads a malformed GGUF file containing only 4 bytes beginning with the GGUF custom magic header, and the second involves a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file. When the application processes this Modelfile through the CreateModel route, it attempts to read or parse the malformed GGUF file, leading to an out-of-bounds memory access and causing a segmentation fault (SIGSEGV). This results in the application crashing, effectively causing a denial-of-service condition. The vulnerability is categorized under CWE-125, indicating an out-of-bounds read error. The CVSS v3.1 base score is 8.2, with the vector indicating the attack can be performed remotely over the network without any privileges or user interaction, impacting availability severely and confidentiality to a limited extent. No patches or exploits are currently publicly available, but the issue is documented and should be addressed promptly. The vulnerability affects all versions of Ollama before 0.1.46, though exact affected versions are not specified. The attack surface includes any exposed HTTP endpoints that accept GGUF file uploads and process Modelfiles, making it critical for organizations running Ollama in production environments to assess exposure and apply mitigations.

The primary impact of CVE-2024-39720 is a denial-of-service condition caused by application crashes due to segmentation faults. This can disrupt services relying on Ollama, potentially halting AI model loading or inference workflows that depend on the CreateModel route. While the confidentiality and integrity impacts are limited, the availability impact is high, especially for organizations using Ollama in production or critical environments. Attackers can exploit this vulnerability remotely without authentication or user interaction, increasing the risk of widespread disruption. Systems exposed to the internet or untrusted networks are particularly vulnerable. This could lead to operational downtime, loss of productivity, and potential cascading failures in dependent systems. Given the nature of the vulnerability, it does not appear to allow code execution or data leakage but could be leveraged as part of a broader attack chain to degrade service or distract defenders.

To mitigate CVE-2024-39720, organizations should: 1) Upgrade Ollama to version 0.1.46 or later as soon as the patch is available to ensure the vulnerability is fixed. 2) Restrict network access to the Ollama HTTP endpoints that accept GGUF file uploads, limiting exposure to trusted networks or VPNs. 3) Implement input validation and filtering at the network or application layer to detect and block malformed GGUF files or suspicious Modelfiles containing FROM statements referencing untrusted sources. 4) Monitor application logs and network traffic for unusual upload patterns or repeated segmentation faults indicative of exploitation attempts. 5) Employ runtime protections such as memory safety tools or container isolation to reduce the impact of crashes. 6) Conduct regular security assessments and penetration tests focusing on file upload functionalities. 7) Prepare incident response plans to quickly recover from potential denial-of-service events caused by exploitation of this vulnerability.