Description
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service (DoS) attack.
A flaw was found in Ollama. This vulnerability allows a malicious user to upload and create a customized GGUF model file on the Ollama server, leading to a division by zero error in the ggufPadding function. This causes the server to crash, resulting in a denial of service (DoS) attack.
Report
Ansible LightSpeed does not use the Ollama server. The library is included in the image just for local development or testing.
Mitigation
Implementing input validation that checks for a valid model file format before processing would help to mitigate this issue.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/platform-resource-runner-rhel8 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/lightspeed-rhel8 | Not affected | | |
Additional information
CVSS3: 7.5 High