{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0313", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "REJECTED", "assignerShortName": "@huntr_ai", "dateReserved": "2025-01-07T18:07:04.389Z", "datePublished": "2025-03-20T10:11:11.766Z", "dateUpdated": "2025-04-15T15:56:56.567Z", "dateRejected": "2025-04-15T15:56:48.670Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-04-15T15:56:56.567Z"}, "rejectedReasons": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-12055. Notes: All CVE users should reference CVE-2024-12055 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."}], "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-12055. Notes: All CVE users should reference CVE-2024-12055 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0313", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "REJECTED", "assignerShortName": "@huntr_ai", "dateReserved": "2025-01-07T18:07:04.389Z", "datePublished": "2025-03-20T10:11:11.766Z", "dateUpdated": "2025-04-15T15:56:56.567Z", "dateRejected": "2025-04-15T15:56:48.670Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-04-15T15:56:56.567Z"}, "rejectedReasons": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-12055. Notes: All CVE users should reference CVE-2024-12055 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."}], "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-12055. Notes: All CVE users should reference CVE-2024-12055 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-12055. Notes: All CVE users should reference CVE-2024-12055 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage."}], "id": "CVE-2025-0313", "lastModified": "2025-04-15T16:15:48.077", "metrics": {}, "published": "2025-03-20T10:15:52.403", "references": [], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "ollama: Improper Validation of Array Index in ollama/ollama", "id": "2353632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353632"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-129", "details": ["A flaw was found in Ollama. This vulnerability allows a malicious user to cause a denial of service (DoS) attack via improper validation of array index bounds in the GGUF model handling code, which can be exploited remotely over a network."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-0313", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/platform-resource-runner-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}], "public_date": "2025-03-20T10:11:11Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-0313\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0313\nhttps://huntr.com/bounties/450c90f9-bc02-4560-afd4-d0aa057ac82c"], "statement": "No Red Hat products are affected by this vulnerability.\nThis vulnerability marked as high severity rather than moderate because it enables a remote attacker to crash the Ollama server entirely, disrupting all model-serving capabilities. The root cause\u2014improper array index access in readGGUFString\u2014results in a panic, which is an uncontrolled failure rather than a recoverable error. Since the attacker can trigger this crash remotely by simply uploading a specially crafted GGUF model, the impact extends beyond a local denial of service to a network-exploitable DoS attack.", "threat_severity": "Important"}