Description
Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the downloadBlob function. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated array. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-27277.
The specific flaw exists within the downloadBlob function. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated array. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-27277.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-26-403/ |
|
History
Mon, 13 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ollama
Ollama ollama |
|
| Vendors & Products |
Ollama
Ollama ollama |
Mon, 13 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadBlob function. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated array. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-27277. | |
| Title | Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability | |
| Weaknesses | CWE-129 | |
| References |
| |
| Metrics |
cvssV3_0
|
Status: PUBLISHED
Assigner: zdi
Published:
Updated: 2026-07-13T21:30:09.180Z
Reserved: 2026-07-13T21:29:52.777Z
Link: CVE-2026-15685
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-13T22:30:04Z
Weaknesses
-
CWE-129
Improper Validation of Array Index