{"id":"GHSA-89qx-m49c-8crf","summary":"Ollama Allows Out-of-Bounds Read","details":"A vulnerability in Ollama versions \u003c=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of the issue is an out-of-bounds read in the gguf.go file.","aliases":["CVE-2024-12055","GO-2025-3558"],"modified":"2025-03-31T17:44:31.543517Z","published":"2025-03-20T12:32:42Z","database_specific":{"cwe_ids":["CWE-125"],"nvd_published_at":"2025-03-20T10:15:26Z","github_reviewed":true,"github_reviewed_at":"2025-03-22T00:19:54Z","severity":"HIGH"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-12055"},{"type":"PACKAGE","url":"https://github.com/ollama/ollama"},{"type":"WEB","url":"https://huntr.com/bounties/7b111d55-8215-4727-8807-c5ed4cf1bfbe"}],"affected":[{"package":{"name":"github.com/ollama/ollama","ecosystem":"Go","purl":"pkg:golang/github.com/ollama/ollama"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"last_affected":"0.3.14"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-89qx-m49c-8crf/GHSA-89qx-m49c-8crf.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}