Ollama <= 0.3.3 DoS

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(250292);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/13");

  script_cve_id("CVE-2024-8063");
  script_xref(name:"IAVB", value:"2025-B-0137-S");

  script_name(english:"Ollama <= 0.3.3 DoS");

  script_set_attribute(attribute:"synopsis", value:
"The Ollama instance installed on the remote host is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Ollama installed on the remote host is prior or equal to 0.3.3. It is, therefore, affected by a
vulnerability. A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when
importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a denial of service (DoS)
condition when the server processes the model, causing it to crash.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/advisories/GHSA-2xf2-gjm6-g2c6");
  script_set_attribute(attribute:"solution", value:
"Upgrade Ollama to a version later than 0.3.3.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-8063");
  script_cwe_id(369);

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/03/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/08/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ollama:ollama");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Artificial Intelligence");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ollama_mac_installed.nbin", "ollama_nix_installed.nbin", "ollama_win_installed.nbin", "ollama_web_detect.nbin");
  script_require_keys("installed_sw/Ollama");

  exit(0);
}
include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'Ollama', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {
          'max_version': '0.3.3', 'fixed_display' : 'See vendor advisory'
        }
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);