An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HOllama
APPOllama0.12.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
Related vulnerabilities
CVE-2025-63389CRITICAL9.8PL ✓ten sam produkt
Pominięcie uwierzytelnienia w API platformy Ollama (auth bypass)
CVE-2026-5757HIGH7.5ten sam produkt
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an at...
CVE-2026-7482HIGH8.8ten sam produkt
Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/creat...
CVE-2026-42248HIGH7.7ten sam produkt
Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. U...
CVE-2026-42249HIGH7.7ten sam produkt
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper hand...