Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NOllama
APPOllama≤ 0.13.5
Related vulnerabilities
Pominięcie uwierzytelnienia w API platformy Ollama (auth bypass)
Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/creat...
Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. U...
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper hand...
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder