4 matches found
Improper Handling of Length Parameter Inconsistency
Overview: Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency in the readGGUFV1String function, which is exposed over the /blobs and /create endpoints. An attacker can cause the service to become unavailable by submitting malicious GGUF metadata...
CVE-2025-66960
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via fs/ggml/gguf.go: the function readGGUFV1String reads a string length from untrusted GGUF metadata...
PT-2026-3790
Name of the Vulnerable Software and Affected Versions: Ollama versions prior to 0.12.10
Description: An issue exists in the readGGUFV1String function within the Ollama large language model (LLM) launch and management system. Insufficient input validation in this function can allow a remote attacker t...
Improper Handling of Length Parameter Inconsistency
Overview: Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency in readGGUFString. An attacker can cause the service to become unavailable by supplying malicious GGUF metadata.
Details: Denial of Service (DoS) describes a family of attacks, all aimed ...