golang
x/vulndb: potential Go vuln in github.com/ollama/ollama: GHSA-89qx-m49c-8crf
Advisory GHSA-89qx-m49c-8crf references a vulnerability in the following Go modules:
| Module |
|---|
| github.com/ollama/ollama |
Description: A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of the issue is an out-of-bounds read in the gguf.go file.
References:
- ADVISORY: https://github.com/advisories/GHSA-89qx-m49c-8crf
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-12055
- WEB: https://huntr.com/bounties/7b111d55-8215-4727-8807-c5ed4cf1bfbe
Cross references:
- github.com/ollama/ollama appears in 3 other report(s):
- data/reports/GO-2024-2901.yaml (https://github.com/golang/vulndb/issues/2901)
- data/reports/GO-2024-3104.yaml (https://github.com/golang/vulndb/issues/3104)
- data/reports/GO-2024-3245.yaml (https://github.com/golang/vulndb/issues/3245)
See doc/quickstart.md for instructions on how to triage this report.
id: GO-ID-PENDING
modules:
- module: github.com/ollama/ollama
vulnerable_at: 0.6.2
summary: Ollama Allows Out-of-Bounds Read in github.com/ollama/ollama
cves:
- CVE-2024-12055
ghsas:
- GHSA-89qx-m49c-8crf
references:
- advisory: https://github.com/advisories/GHSA-89qx-m49c-8crf
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-12055
- web: https://huntr.com/bounties/7b111d55-8215-4727-8807-c5ed4cf1bfbe
source:
id: GHSA-89qx-m49c-8crf
created: 2025-03-22T01:01:23.511182126Z
review_status: UNREVIEWED
Change https://go.dev/cl/661096 mentions this issue: data/reports: add 4 UNREVIEWED, HIGH PRIORITY reports
Change https://go.dev/cl/661355 mentions this issue: data/reports: add 4 reports
No patched version; closing for staleness.
Please open a Suggested Edit to remediate issues with this report.