7 matches found
GHSA-X9HG-5Q6G-Q3JR Ollama vulnerable to Cross-Domain Token Exposure
Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...
GO-2025-3559 Ollama Divide By Zero vulnerability in github.com/ollama/ollama
Ollama Divide By Zero vulnerability in github.com/ollama/ollama...
GO-2025-3558 Ollama Allows Out-of-Bounds Read in github.com/ollama/ollama
Ollama Allows Out-of-Bounds Read in github.com/ollama/ollama...
Ollama Allows Out-of-Bounds Read
A vulnerability in Ollama versions =0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service DoS attack. The root cause of the issue is an...
PT-2025-12118 · Ollama · Ollama
Name of the Vulnerable Software and Affected Versions: Ollama versions =0.3.14 Description: A malicious user can create a customized gguf model file that can be uploaded to the public Ollama server, causing it to crash and leading to a Denial of Service DoS attack. The root cause of the issue is ...
PT-2025-12309 · Ollama · Ollama
Name of the Vulnerable Software and Affected Versions: ollama/ollama versions prior to 0.3.14 Description: The issue allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference...
CVE-2024-45436
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory...