data/reports: review GO-2024-3245

tatianab · tatianab · commit 1efcd6664ea2 · 2024-12-12T07:17:04.000-08:00
- data/reports/GO-2024-3245.yaml Fixes #3245 Change-Id: I17be25461d53c0b797718d482816a704f5854845 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/635418 Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/data/osv/GO-2024-3245.json b/data/osv/GO-2024-3245.json
@@ -4,10 +4,11 @@
   "modified": "0001-01-01T00:00:00Z",
   "published": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2024-39720"
+    "CVE-2024-39720",
+    "GHSA-95j2-w8x7-hm88"
   ],
-  "summary": "CVE-2024-39720 in github.com/ollama/ollama",
-  "details": "CVE-2024-39720 in github.com/ollama/ollama",
+  "summary": "Ollama Out-of-bounds Read in github.com/ollama/ollama",
+  "details": "Ollama Out-of-bounds Read in github.com/ollama/ollama",
   "affected": [
     {
       "package": {
@@ -20,6 +21,9 @@
           "events": [
             {
               "introduced": "0"
+            },
+            {
+              "fixed": "0.1.46"
             }
           ]
         }
@@ -30,7 +34,7 @@
   "references": [
     {
       "type": "ADVISORY",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39720"
+      "url": "https://github.com/advisories/GHSA-95j2-w8x7-hm88"
     },
     {
       "type": "WEB",
@@ -43,6 +47,6 @@
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2024-3245",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }
diff --git a/data/reports/GO-2024-3245.yaml b/data/reports/GO-2024-3245.yaml
@@ -1,15 +1,19 @@
 id: GO-2024-3245
 modules:
     - module: github.com/ollama/ollama
-      vulnerable_at: 0.3.14
-summary: CVE-2024-39720 in github.com/ollama/ollama
+      versions:
+        - fixed: 0.1.46
+      vulnerable_at: 0.1.45
+summary: Ollama Out-of-bounds Read in github.com/ollama/ollama
 cves:
     - CVE-2024-39720
+ghsas:
+    - GHSA-95j2-w8x7-hm88
 references:
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-39720
+    - advisory: https://github.com/advisories/GHSA-95j2-w8x7-hm88
     - web: https://github.com/ollama/ollama/compare/v0.1.45...v0.1.46#diff-782c2737eecfa83b7cb46a77c8bdaf40023e7067baccd4f806ac5517b4563131L417
     - web: https://oligo.security/blog/more-models-more-probllms
 source:
-    id: CVE-2024-39720
-    created: 2024-11-01T20:33:22.581190569Z
-review_status: UNREVIEWED
+    id: GHSA-95j2-w8x7-hm88
+    created: 2024-12-11T15:53:56.33065-05:00
+review_status: REVIEWED

Original file line number	Diff line number	Diff line change
`@@ -4,10 +4,11 @@`
`4`	`4`	`"modified": "0001-01-01T00:00:00Z",`
`5`	`5`	`"published": "0001-01-01T00:00:00Z",`
`6`	`6`	`"aliases": [`
`7`		`- "CVE-2024-39720"`
	`7`	`+ "CVE-2024-39720",`
	`8`	`+ "GHSA-95j2-w8x7-hm88"`
`8`	`9`	`],`
`9`		`- "summary": "CVE-2024-39720 in github.com/ollama/ollama",`
`10`		`- "details": "CVE-2024-39720 in github.com/ollama/ollama",`
	`10`	`+ "summary": "Ollama Out-of-bounds Read in github.com/ollama/ollama",`
	`11`	`+ "details": "Ollama Out-of-bounds Read in github.com/ollama/ollama",`
`11`	`12`	`"affected": [`
`12`	`13`	`{`
`13`	`14`	`"package": {`
`@@ -20,6 +21,9 @@`
`20`	`21`	`"events": [`
`21`	`22`	`{`
`22`	`23`	`"introduced": "0"`
	`24`	`+ },`
	`25`	`+ {`
	`26`	`+ "fixed": "0.1.46"`
`23`	`27`	`}`
`24`	`28`	`]`
`25`	`29`	`}`
`@@ -30,7 +34,7 @@`
`30`	`34`	`"references": [`
`31`	`35`	`{`
`32`	`36`	`"type": "ADVISORY",`
`33`		`- "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39720"`
	`37`	`+ "url": "https://github.com/advisories/GHSA-95j2-w8x7-hm88"`
`34`	`38`	`},`
`35`	`39`	`{`
`36`	`40`	`"type": "WEB",`
`@@ -43,6 +47,6 @@`
`43`	`47`	`],`
`44`	`48`	`"database_specific": {`
`45`	`49`	`"url": "https://pkg.go.dev/vuln/GO-2024-3245",`
`46`		`- "review_status": "UNREVIEWED"`
	`50`	`+ "review_status": "REVIEWED"`
`47`	`51`	`}`
`48`	`52`	`}`