Описание
A flaw was found in Ollama. This vulnerability allows a malicious user to cause a denial of service (DoS) attack via improper validation of array index bounds in the GGUF model handling code, which can be exploited remotely over a network.
Отчет
This CVE has been marked as Rejected by the assigning CNA. No Red Hat products are affected by this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/platform-resource-runner-rhel8 | Not affected | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/lightspeed-rhel8 | Not affected |
Показывать по
Дополнительная информация
7.5 High
CVSS3
Связанные уязвимости
Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-12055. Notes: All CVE users should reference CVE-2024-12055 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage.
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a GGUF model that can cause a denial of service (DoS) attack. The vulnerability is due to improper validation of array index bounds in the GGUF model handling code, which can be exploited via a remote network.
7.5 High
CVSS3