
Ollama Ollama vulnerabilities

7 known vulnerabilities affecting ollama/ollama_ollama.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 7

Vulnerabilities

CVE-2025-0317 | P3 | HIGH | CVSS 7.5 | CWE-369 | ≥ unspecified, ≤ latest | 2025-03-20
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service (DoS) attack.
Source: nvd
CVE-2024-12886 | P3 | HIGH | CVSS 7.5 | CWE-409 | ≥ unspecified, ≤ latest | 2025-03-20
An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the `makeRequestWithRetry` and `getAuthorizationToken` functions, which use `io.ReadAll` to
Source: nvd
CVE-2024-12055 | P3 | HIGH | CVSS 7.5 | CWE-125 | ≥ unspecified, ≤ latest | 2025-03-20
A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of the issue is an out-of-bounds read in the gguf.go file.
Source: nvd
CVE-2025-1975 | P3 | HIGH | CVSS 7.5 | CWE-129 | ≥ unspecified, ≤ latest | 2025-05-16
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.
Source: nvd
CVE-2024-8063 | P3 | HIGH | CVSS 7.5 | CWE-369 | ≥ unspecified, ≤ latest | 2025-03-20
A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a denial of service (DoS) condition when the server processes the model, causing it to crash.
Source: nvd
CVE-2025-0315 | P3 | HIGH | CVSS 7.5 | CWE-770 | ≥ unspecified, ≤ latest | 2025-03-20
A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimited memory, leading to a Denial of Service (DoS) attack.
Source: nvd
CVE-2025-0312 | P3 | HIGH | CVSS 7.5 | CWE-476 | ≥ unspecified, ≤ latest | 2025-03-20
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network.
Source: nvd