Description
A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for block_count in the Modelfile. This can lead to a denial of service (DoS) condition when the server processes the model, causing it to crash.
A flaw was found in Ollama. This vulnerability allows a denial of service (DoS) via a crafted Modelfile containing a specific type for block_count when importing GGUF models, leading to a server crash.
Statement
Ansible LightSpeed does not use Ollama server. The library is included in the image just for local development or testing.
Mitigation
Implementing input validation that checks for a valid model file format before processing would help to mitigate this issue.
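
One way to implement such a check before a GGUF file is handed to the server (an added example, not code from Ollama or from this advisory): a standalone Python gate that walks the GGUF metadata and rejects a file whose `block_count` key is not a non-zero uint32. The value type ids, the `<arch>.block_count` key name and the 1 MiB sanity cap are assumptions based on the public GGUF v2/v3 layout, not details given on this page.

```python
import struct

# Byte widths of fixed-size GGUF metadata value types, keyed by type id (assumed from the GGUF spec).
FIXED = {0: 1, 1: 1, 2: 2, 3: 2, 4: 4, 5: 4, 6: 4, 7: 1, 10: 8, 11: 8, 12: 8}
T_UINT32, T_STRING, T_ARRAY = 4, 8, 9
MAX_LEN = 1 << 20  # assumed sanity cap on counts and string lengths

def _read(f, n):
    data = f.read(n)
    if len(data) != n:
        raise ValueError("truncated GGUF data")
    return data

def _num(f, fmt, cap=None):
    value = struct.unpack("<" + fmt, _read(f, struct.calcsize("<" + fmt)))[0]
    if cap is not None and value > cap:
        raise ValueError("length or count exceeds sanity cap")
    return value

def _skip(f, vtype, in_array=False):
    # Discard one metadata value; arrays may hold scalars or strings only.
    if vtype in FIXED:
        _read(f, FIXED[vtype])
    elif vtype == T_STRING:
        _read(f, _num(f, "Q", MAX_LEN))
    elif vtype == T_ARRAY and not in_array:
        elem, count = _num(f, "I"), _num(f, "Q", MAX_LEN)
        for _ in range(count):
            _skip(f, elem, True)
    else:
        raise ValueError(f"unsupported metadata value type {vtype}")

def check_block_count(f):
    """Return <arch>.block_count if it is a non-zero uint32, else raise ValueError."""
    if _read(f, 4) != b"GGUF" or _num(f, "I") not in (2, 3):
        raise ValueError("not a GGUF v2/v3 file")
    _tensors, kv_count = _num(f, "Q"), _num(f, "Q", MAX_LEN)
    found = None
    for _ in range(kv_count):
        key = _read(f, _num(f, "Q", MAX_LEN)).decode("utf-8", "replace")
        vtype = _num(f, "I")
        if not key.endswith(".block_count"):
            _skip(f, vtype)
        elif vtype != T_UINT32:
            raise ValueError(f"{key}: value type {vtype}, expected uint32 (4)")
        else:
            found = _num(f, "I")
    if not found:
        raise ValueError("block_count missing or zero")
    return found
```

Call `check_block_count(open(path, "rb"))` on the file a Modelfile points at and refuse the import on `ValueError`.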
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/platform-resource-runner-rhel8 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/lightspeed-rhel8 | Not affected | | |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a denial of service (DoS) condition when the server processes the model, causing it to crash.
A divide by zero vulnerability exists in ollama/ollama version v0.3.3. ...
7.5 High
CVSS3