HIGH🇵🇱 Wersja polska

CVE-2025-66960

CVSS 7.5v3.1pub. 2026-01-21upd. 2026-02-02

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Ollama

    APP
    Ollama
    0.12.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2025-63389CRITICAL9.8PL ✓ten sam produkt

Pominięcie uwierzytelnienia w API platformy Ollama (auth bypass)

CVE-2026-5757HIGH7.5ten sam produkt

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an at...

CVE-2026-7482HIGH8.8ten sam produkt

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/creat...

CVE-2026-42248HIGH7.7ten sam produkt

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. U...

CVE-2026-42249HIGH7.7ten sam produkt

Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper hand...