12 matches found
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760 , carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection...
Ollama <= 0.3.14 Multiple Vulnerabilities
The version of Ollama installed on the remote host is prior or equal to 0.3.14. It is, therefore, affected by multiple vulnerabilities, including the following: - A vulnerability in ollama/ollama versions =0.3.14 allows a malicious user to upload and create a customized GGUF model file on the...
Division by zero
Overview Affected versions of this package are vulnerable to Division by zero via the ggufPadding function. An attacker can cause the server to crash by uploading and creating a customized GGUF model file on the server. PoC python import os import json import requests import hashlib if you use th...
GHSA-9GCR-28RP-CC24 Ollama Divide By Zero vulnerability
A vulnerability in ollama/ollama versions =0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service DoS attack...
Ollama Allows Out-of-Bounds Read
A vulnerability in Ollama versions =0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service DoS attack. The root cause of the issue is an...
CVE-2024-12055
A vulnerability in Ollama versions =0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service DoS attack. The root cause of the issue is an...
CVE-2025-0312 NULL Pointer Dereference in ollama/ollama
A vulnerability in ollama/ollama versions =0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service DoS attack via remote network...
CVE-2025-0317 Divide By Zero in ollama/ollama
A vulnerability in ollama/ollama versions =0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service DoS attack...
CVE-2025-0317 Divide By Zero in ollama/ollama
A vulnerability in ollama/ollama versions =0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service DoS attack...
CVE-2025-0315 Allocation of Resources Without Limits or Throttling in ollama/ollama
A vulnerability in ollama/ollama =0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimited memory, leading to a Denial of Service DoS attack...
CVE-2024-12055 DoS using malicious gguf model file in ollama/ollama
A vulnerability in Ollama versions =0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service DoS attack. The root cause of the issue is an...
PT-2025-12312 · Ollama · Ollama
Name of the Vulnerable Software and Affected Versions: ollama/ollama versions prior to 0.3.14 Description: A malicious user can upload and create a customized GGUF model file on the Ollama server, leading to a division by zero error in the ggufPadding function. This error causes the server to...