Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-66959

Опубликовано: 21 янв. 2026
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder

A flaw was found in ollama. A remote attacker could exploit this vulnerability by sending specially crafted input to the GGUF decoder, leading to a Denial of Service (DoS). This issue can make the service unavailable to legitimate users.

Отчет

This vulnerability is rated Moderate for Red Hat products. A remote attacker can cause a denial of service in ollama by sending a specially crafted GGUF decoder input. This affects Red Hat Ansible Automation Platform, Red Hat OpenShift AI, and Ansible Services, where ollama is utilized in various components.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/de-minimal-rhel8Not affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/de-minimal-rhel9Not affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/de-supported-rhel8Not affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/de-supported-rhel9Not affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/ee-minimal-rhel8Not affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/ee-minimal-rhel9Not affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/ee-supported-rhel8Not affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/ee-supported-rhel9Not affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/lightspeed-rhel8Not affected
Red Hat Ansible Automation Platform 2ansible-automation-platform-24/platform-resource-runner-rhel8Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-130
https://bugzilla.redhat.com/show_bug.cgi?id=2431713ollama: ollama: Denial of Service via GGUF decoder

EPSS

Процентиль: 53%
0.00295
Низкий

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-66959

CVSS3: 7.5
nvd
2 месяца назад

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder

debian логотип

CVE-2025-66959

CVSS3: 7.5
debian
2 месяца назад

An issue in ollama v.0.12.10 allows a remote attacker to cause a denia ...

github логотип

GHSA-h73v-mc67-xw25

CVSS3: 7.5
github
2 месяца назад

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder

EPSS

Процентиль: 53%
0.00295
Низкий

7.5 High

CVSS3