Filtered by vendor Ollama
Subscriptions
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-39721 | 1 Ollama | 1 Ollama | 2024-11-01 | 7.5 High |
An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely (even after the HTTP request is aborted by the client). | ||||
CVE-2024-39720 | 1 Ollama | 1 Ollama | 2024-11-01 | 8.2 High |
An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file, the attacker can crash the application through the CreateModel route, leading to a segmentation fault (signal SIGSEGV: segmentation violation). | ||||
CVE-2024-39719 | 1 Ollama | 1 Ollama | 2024-11-01 | 7.5 High |
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the server. | ||||
CVE-2024-39722 | 1 Ollama | 1 Ollama | 2024-11-01 | 7.5 High |
An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route. | ||||
CVE-2024-45436 | 1 Ollama | 1 Ollama | 2024-08-30 | 9.1 Critical |
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory. |
Page 1 of 1.