Description
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via fs/ggml/gguf.go: the function readGGUFV1String reads a string length from untrusted GGUF metadata.
A flaw was found in ollama. A remote attacker can exploit this vulnerability by providing untrusted GGUF (GGML Unified Format) metadata with a specially crafted string length. This can cause the readGGUFV1String function to improperly process the input, leading to a denial of service, which makes the service unavailable to legitimate users.
Report
This vulnerability is rated Moderate for Red Hat products. An issue in ollama allows a remote attacker to cause a denial of service by providing untrusted GGUF metadata. This affects Red Hat Ansible Automation Platform versions 2.4, 2.5, and 2.6, as well as Community Projects including Fedora and Red Hat OpenShift AI.
Mitigation
To reduce the risk of exploitation, ensure that the ollama service processes GGUF metadata only from trusted and verified sources. Avoid loading or processing GGUF files from untrusted or unverified origins.
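The defensive check that closes this class of bug, as an added example written for this page (it is not ollama's code and does not reproduce readGGUFV1String). It assumes a GGUF v1 style string record, a uint32 little-endian length prefix followed by the bytes, and an assumed hard cap MaxStringLen; the declared length is validated against both the cap and the bytes actually remaining before any buffer is allocated.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// MaxStringLen is an assumed cap for one metadata string; it is not ollama's value.
const MaxStringLen = 64 * 1024

var ErrStringTooLong = errors.New("gguf: declared string length exceeds limit")
var ErrTruncated = errors.New("gguf: declared string length exceeds remaining input")

// ReadV1String reads a length-prefixed string (uint32 LE length, then bytes).
// `remaining` is the number of bytes the caller knows are left in the input,
// so an attacker-controlled length can never drive the allocation on its own.
func ReadV1String(r io.Reader, remaining int64) (string, error) {
	var n uint32
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return "", err
	}
	remaining -= 4 // the length prefix itself has been consumed
	if uint64(n) > MaxStringLen {
		return "", ErrStringTooLong
	}
	if int64(n) > remaining {
		return "", ErrTruncated
	}
	buf := make([]byte, n) // only reached once n is known to be sane
	if _, err := io.ReadFull(r, buf); err != nil {
		return "", err
	}
	return string(buf), nil
}

// encodeV1String builds a constructed record for demonstration (not a real GGUF file);
// `declared` may deliberately disagree with len(s) to model a hostile length prefix.
func encodeV1String(s string, declared uint32) []byte {
	var b bytes.Buffer
	binary.Write(&b, binary.LittleEndian, declared)
	b.WriteString(s)
	return b.Bytes()
}

func main() {
	good := encodeV1String("general.name", 12)
	fmt.Println(ReadV1String(bytes.NewReader(good), int64(len(good))))
	// Constructed hostile record: claims 4 GiB of string, only 5 bytes follow.
	bad := encodeV1String("hello", 0xFFFFFFFF)
	fmt.Println(ReadV1String(bytes.NewReader(bad), int64(len(bad))))
}
```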
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-minimal-rhel8 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-minimal-rhel9 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-supported-rhel8 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-supported-rhel9 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-minimal-rhel8 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-minimal-rhel9 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-supported-rhel8 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-supported-rhel9 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/lightspeed-rhel8 | Not affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/platform-resource-runner-rhel8 | Not affected | | |
Additional information
Status:
CVSS3: 7.5 High
Related vulnerabilities
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via fs/ggml/gguf.go: the function readGGUFV1String reads a string length from untrusted GGUF metadata.
Vulnerability in the readGGUFV1String() function of the Ollama large language model (LLM) runtime and management system, allowing an attacker to cause a denial of service
CVSS3: 7.5 High