ollama/ollama
cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*
- v0.3.3
A divide-by-zero vulnerability has been identified in Ollama/Ollama version 0.3.3. This issue arises when importing GGUF models that contain a manipulated type for 'block_count' in the Modelfile. The vulnerability can cause a denial-of-service condition by crashing the server while processing the model.
Exploiting this vulnerability causes the Ollama server to crash, disrupting any ongoing queries or responses related to other valid models.
To reproduce this vulnerability, first create a GGUF file with a string-type 'unknown.block_count' key. This crafted GGUF file can be found as 'test.gguf' in a provided zip file. Once the GGUF file is ready, upload it to the Ollama server using the API create endpoint. After the model is created, initiate a chat with the model through the API chat endpoint. The server will crash due to the divide-by-zero error.
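A pre-import check that could be run on uploaded GGUF files before they reach the server, given here as an added example and not Ollama's own code: it walks the metadata key/value section and reports any `*.block_count` key whose type is not an integer or whose value is not positive. It assumes the little-endian GGUF v2/v3 layout; `check_block_count`, `_sample` and the two sample byte strings are constructed for illustration, and rejecting a zero value is an added assumption beyond the string-type case described above.

```python
import io
import struct

# GGUF v2/v3 metadata value types: struct format per scalar type id.
SCALARS = {0: "<B", 1: "<b", 2: "<H", 3: "<h", 4: "<I", 5: "<i",
           6: "<f", 7: "<?", 10: "<Q", 11: "<q", 12: "<d"}
STRING, ARRAY, INTEGERS = 8, 9, {0, 1, 2, 3, 4, 5, 10, 11}

def _take(f, n):
    data = f.read(min(n, 1 << 30))  # cap lengths taken from the file
    if len(data) != n:
        raise ValueError("truncated GGUF metadata")
    return data
def _read(f, fmt):
    return struct.unpack(fmt, _take(f, struct.calcsize(fmt)))[0]

def _value(f, vtype, depth=0):
    if vtype in SCALARS:
        return _read(f, SCALARS[vtype])
    if vtype == STRING:
        return _take(f, _read(f, "<Q")).decode("utf-8", "replace")
    if vtype == ARRAY and depth < 4:  # bound nesting of untrusted input
        etype, count = _read(f, "<I"), _read(f, "<Q")
        return [_value(f, etype, depth + 1) for _ in range(count)]
    raise ValueError(f"unsupported GGUF value type {vtype}")

def check_block_count(blob):
    """Return problems found in '*.block_count' keys; empty means none."""
    f = io.BytesIO(blob)
    if _take(f, 4) != b"GGUF":
        raise ValueError("not a GGUF file")
    _version, _tensors, n_kv = _read(f, "<I"), _read(f, "<Q"), _read(f, "<Q")
    problems = []
    for _ in range(n_kv):
        key, vtype = _value(f, STRING), _read(f, "<I")
        value = _value(f, vtype)
        if key.endswith(".block_count"):
            if vtype not in INTEGERS:
                problems.append(f"{key}: type id {vtype} is not an integer")
            elif value <= 0:
                problems.append(f"{key}: value {value} is not positive")
    return problems

# Constructed header-only samples (one metadata key, no tensors).
def _sample(key, vtype, raw):
    head = b"GGUF" + struct.pack("<IQQ", 3, 0, 1) + struct.pack("<Q", len(key))
    return head + key.encode() + struct.pack("<I", vtype) + raw
GOOD = _sample("llama.block_count", 4, struct.pack("<I", 32))
BAD = _sample("unknown.block_count", 8, struct.pack("<Q", 2) + b"32")
```

A file that yields a non-empty list can be rejected at upload time, so the type mismatch never reaches the code path that divides by the block count.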