CVE-2024-8063 Overview
CVE-2024-8063 is a divide by zero vulnerability in ollama/ollama version 0.3.3. The flaw occurs when the server imports GGUF models containing a crafted block_count value in the Modelfile. An attacker who can submit a malicious model triggers a divide by zero condition during model processing. This crashes the server and produces a denial of service. The weakness is tracked as CWE-369: Divide By Zero and affects deployments that import untrusted GGUF model files over the network.
Critical Impact
A remote attacker can crash the Ollama server by importing a GGUF model with a malformed block_count, producing an availability outage with no authentication required.
Affected Products
- Ollama 0.3.3
- GGUF model import functionality in ollama/ollama
- Modelfile parsing component handling block_count
Discovery Timeline
- 2025-03-20 - CVE-2024-8063 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2024-8063
Vulnerability Analysis
The vulnerability resides in the GGUF model import path of Ollama 0.3.3. Ollama loads model metadata from a Modelfile and uses the block_count field during tensor and layer initialization. When an attacker supplies a crafted block_count value, the server performs an arithmetic operation that divides by zero. The Go runtime raises a panic and the server process terminates.
The issue requires no authentication and is reachable over the network because Ollama exposes a model management API. Successful exploitation produces a denial of service against the inference host, disrupting any application or workflow depending on the local LLM endpoint. Confidentiality and integrity are not impacted, but availability is fully lost until the process restarts. Additional technical context is available in the Huntr Bounty Listing.
Root Cause
The root cause is missing input validation on the block_count value parsed from the Modelfile. The code path uses block_count as a divisor without checking for zero or otherwise invalid values. This satisfies the conditions described in CWE-369.
Attack Vector
The attack vector is network-based. An attacker with access to the Ollama API submits a crafted GGUF model or Modelfile that sets block_count to a value triggering the divide by zero. When the server processes the import, it crashes. In shared or multi-tenant deployments, any user able to push or pull models can trigger the outage.
No verified proof-of-concept code is published in the referenced advisory. See the Huntr Bounty Listing for additional details.
Detection Methods for CVE-2024-8063
Indicators of Compromise
- Ollama server process terminating unexpectedly during or shortly after a model import operation
- Runtime panic or divide by zero error messages in Ollama logs referencing GGUF or tensor initialization
- Repeated POST /api/create or model push requests followed by service restarts
- Inbound model imports from untrusted or unauthenticated sources
Detection Strategies
- Monitor Ollama logs for Go runtime panics containing integer divide by zero correlated with model import operations.
- Alert on Ollama process restarts that follow API calls to model creation or import endpoints.
- Inspect submitted Modelfiles and GGUF metadata for block_count values of zero or otherwise unexpected types before they reach the server.
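The three strategies above as one added correlation script (not from the advisory or the Ollama project): it ties each divide-by-zero panic to the model import request that preceded it within a time window, records whether a restart followed, and surfaces sources behind repeated crash-correlated imports. The sample lines are constructed and only approximate Ollama's gin request log and Go panic output, so the regexes are an assumption to adapt to your deployment.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines approximating Ollama's gin request log, slog output and a Go
# panic; the exact format is an assumption, so adapt the regexes to your deployment's logs.
SAMPLE_LOG = """\
[GIN] 2024/08/12 - 10:00:01 | 200 |  1.2s | 10.0.0.5 | POST "/api/create"
[GIN] 2024/08/12 - 10:00:03 | 200 |  0.1s | 10.0.0.7 | GET "/api/tags"
[GIN] 2024/08/12 - 10:05:10 | 200 |  3.4s | 203.0.113.9 | POST "/api/create"
time=2024-08-12T10:05:11.002Z level=INFO msg="importing GGUF" file=/tmp/model.gguf
panic: runtime error: integer divide by zero
goroutine 52 [running]:
time=2024-08-12T10:05:17.000Z level=INFO msg="Listening on 127.0.0.1:11434"
[GIN] 2024/08/12 - 10:05:30 | 200 |  3.1s | 203.0.113.9 | POST "/api/create"
panic: runtime error: integer divide by zero
time=2024-08-12T10:05:36.000Z level=INFO msg="Listening on 127.0.0.1:11434"
"""

IMPORT_RE = re.compile(r'^\[GIN\] (\S+ - \S+) \|.*\| (\S+) \| POST "(/api/(?:create|push|pull))"')
RESTART_RE = re.compile(r'^time=(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d).*msg="Listening on')
PANIC_RE = re.compile(r'integer divide by zero')
WINDOW = timedelta(seconds=30)  # max gap between an import request and the panic it caused

def detect(log_text: str, window: timedelta = WINDOW) -> list[dict]:
    """One alert per divide-by-zero panic, attributed to the model import that preceded it."""
    alerts, last_import, clock = [], None, None
    for line in log_text.splitlines():
        if m := IMPORT_RE.match(line):
            clock = datetime.strptime(m.group(1), "%Y/%m/%d - %H:%M:%S")
            last_import = {"time": clock, "src": m.group(2), "endpoint": m.group(3)}
        elif m := RESTART_RE.match(line):
            clock = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
            if alerts:
                alerts[-1]["restarted"] = True   # the crash really took the service down
        elif PANIC_RE.search(line):
            # the panic line has no timestamp; use the last clock value seen in the stream
            if last_import and clock - last_import["time"] <= window:
                alerts.append({**last_import, "restarted": False})
            else:
                alerts.append({"time": clock, "src": None, "endpoint": None, "restarted": False})
    return alerts

def repeat_sources(alerts: list[dict], threshold: int = 2) -> dict:
    """Sources behind at least `threshold` crash-correlated imports: the repeat-crash pattern."""
    counts = {}
    for a in alerts:
        if a["src"]:
            counts[a["src"]] = counts.get(a["src"], 0) + 1
    return {src: n for src, n in counts.items() if n >= threshold}
```

Feed the same function a tail of the aggregated Ollama stdout/stderr stream and alert on any entry with `restarted` set, or on any source returned by `repeat_sources`.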
Monitoring Recommendations
- Track availability metrics for the Ollama API endpoint and alert on repeated short-lived outages.
- Centralize Ollama stdout and stderr in a log aggregation platform for crash pattern analysis.
- Record source IP and identity for every model import request to support attribution after a crash.
How to Mitigate CVE-2024-8063
Immediate Actions Required
- Upgrade ollama/ollama to a release later than 0.3.3 that includes the fix for CVE-2024-8063.
- Restrict network access to the Ollama API so only trusted clients can submit models.
- Disable or gate the model import and creation endpoints in environments where they are not required.
- Validate block_count and other GGUF metadata fields at an upstream proxy if patching is delayed.
Patch Information
The vulnerability is confirmed in Ollama 0.3.3. Operators should upgrade to a current Ollama release that addresses the divide by zero condition in GGUF model parsing. Review the Huntr Bounty Listing and the project release notes for the specific fixed version.
Workarounds
- Place the Ollama API behind an authenticated reverse proxy that enforces allowlists for model sources.
- Block external traffic to the default Ollama port (11434) at the host or network firewall.
- Run Ollama with an automatic restart policy and resource isolation to limit the blast radius of a crash.
- Reject Modelfiles containing zero or non-numeric block_count values at ingress before import.
# Example: restrict the Ollama API to localhost and enforce a systemd auto-restart
# Write a drop-in override file directly instead of opening the interactive "systemctl edit" editor
sudo mkdir -p /etc/systemd/system/ollama.service.d
sudo tee /etc/systemd/system/ollama.service.d/override.conf >/dev/null <<'EOF'
[Service]
Environment="OLLAMA_HOST=127.0.0.1:11434"
Restart=always
RestartSec=5
EOF
sudo systemctl daemon-reload
sudo systemctl restart ollama
# Confirm the listener is bound to loopback only
ss -ltn | grep ':11434'
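The block_count validation recommended under Immediate Actions and Workarounds, as an added example that is not code from the advisory or from Ollama: a minimal GGUF v3 metadata reader that stops before any tensor data and accepts a file only when <architecture>.block_count is a positive integer. The binary layout follows the GGUF specification; the two sample blobs are constructed for the test, and any exception raised while parsing should also be treated as a rejection.

```python
import struct

GGUF_MAGIC = 0x46554747  # "GGUF" read as a little-endian uint32
# GGUF metadata value type ids: 8 = string, 9 = array, the rest are fixed-size scalars
_SCALAR = {0: "<B", 1: "<b", 2: "<H", 3: "<h", 4: "<I", 5: "<i",
           6: "<f", 7: "<?", 10: "<Q", 11: "<q", 12: "<d"}

def gguf_metadata(data: bytes) -> dict:
    """Parse only the GGUF v3 header and metadata KV section; tensor data is never read."""
    pos = 0
    def take(fmt):                         # fixed-size read; struct raises on truncation
        nonlocal pos
        val = struct.unpack_from(fmt, data, pos)[0]
        pos += struct.calcsize(fmt)
        return val
    def value(vtype):
        if vtype == 8:                     # string: uint64 length, then UTF-8 bytes
            return take(f"<{take('<Q')}s").decode("utf-8")
        if vtype == 9:                     # array: element type, count, then elements
            etype, n = take("<I"), take("<Q")
            return [value(etype) for _ in range(n)]
        if vtype not in _SCALAR:
            raise ValueError(f"unknown GGUF value type {vtype}")
        return take(_SCALAR[vtype])
    if take("<I") != GGUF_MAGIC or take("<I") != 3:
        raise ValueError("not a GGUF v3 file")
    _tensor_count, kv_count = take("<Q"), take("<Q")
    meta = {}
    for _ in range(kv_count):
        key = value(8)                     # each entry: string key, uint32 type, value
        meta[key] = value(take("<I"))
    return meta

def check_block_count(data: bytes) -> tuple[bool, str]:
    """Ingress check: accept a model only if <architecture>.block_count is a positive integer."""
    meta = gguf_metadata(data)
    key = f"{meta.get('general.architecture')}.block_count"
    bc = meta.get(key)
    if isinstance(bc, bool) or not isinstance(bc, int) or bc <= 0:
        return False, f"reject: {key}={bc!r} is not a positive integer"
    return True, f"accept: {key}={bc}"

def build_gguf(meta: dict) -> bytes:  # constructed test blob: header + metadata, no tensors
    s = lambda x: struct.pack("<Q", len(x.encode())) + x.encode()
    body = b"".join(s(k) + (struct.pack("<I", 8) + s(v) if isinstance(v, str)
                            else struct.pack("<II", 4, v)) for k, v in meta.items())
    return struct.pack("<IIQQ", GGUF_MAGIC, 3, 0, len(meta)) + body

SAFE_MODEL = build_gguf({"general.architecture": "llama", "llama.block_count": 32})
CRAFTED_MODEL = build_gguf({"general.architecture": "llama", "llama.block_count": 0})
```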
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

