CVE-2024-12886

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An Out-Of-Memory (OOM) vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and getAuthorizationToken functions, which use io.ReadAll to read the response body. This can result in excessive memory usage and a Denial of Service (DoS) condition.

Ссылки

https://huntr.com/bounties/f115fe52-58af-4844-ad29-b1c25f7245df

EPSS

Процентиль: 35%

0.00144

Низкий

7.5 High

CVSS3

Дефекты

CWE-409

Связанные уязвимости

CVE-2024-12886

CVSS3: 7.5

redhat

11 месяцев назад

An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the `makeRequestWithRetry` and `getAuthorizationToken` functions, which use `io.ReadAll` to read the response body. This can result in excessive memory usage and a Denial of Service (DoS) condition.

CVE-2024-12886

CVSS3: 7.5

debian

11 месяцев назад

An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server ver ...

GHSA-v464-r2r9-www7

CVSS3: 7.5

github

11 месяцев назад

Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP

EPSS

Процентиль: 35%

0.00144

Низкий

7.5 High

CVSS3

Дефекты

CWE-409