Описание
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network.
A flaw was found in Ollama. This vulnerability allows a malicious user to create a customized GGUF model file that, when uploaded and processed on the Ollama server, causes a crash due to an unchecked null pointer dereference. This issue can lead to a denial of service (DoS) attack via a remote network.
Отчет
No Red Hat products are affected by this vulnerability. This vulnerability marked as an Important severity rating rather than a Moderate because it allows a remote, unauthenticated attacker to completely disrupt the availability of the Ollama server by triggering an unchecked NULL pointer dereference. This flaw allows for a trivial, one-step attack by uploading and creating a malicious GGUF model. Given that Ollama is often used in production environments for AI model serving, an attacker can repeatedly exploit this flaw to persistently crash the server, leading to significant downtime, operational disruptions, and potential financial loss. Furthermore, if the crash occurs in a shared or cloud-hosted environment, it could impact multiple users, escalating the overall risk.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/platform-resource-runner-rhel8 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/lightspeed-rhel8 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network.
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious ...
Ollama Denial of Service (DoS) via Null Pointer Dereference
EPSS
7.5 High
CVSS3