Описание
A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of the issue is an out-of-bounds read in the gguf.go file.
A flaw was found in Ollama. This vulnerability allows a malicious user to cause a denial of service (DoS) via a customized gguf model file uploaded to the public Ollama server, which crashes the server when processed.
Отчет
Ansible LightSpeed does not use Ollama server. The library is included in the image just for local development or testing.
Меры по смягчению последствий
Implementing an input validation to check a valid model file formats before processing would help to mitigate this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/platform-resource-runner-rhel8 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/lightspeed-rhel8 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of the issue is an out-of-bounds read in the gguf.go file.
A vulnerability in Ollama versions <=0.3.14 allows a malicious user to ...
EPSS
7.5 High
CVSS3