VYPR
High severity · NVD Advisory · Published Mar 20, 2025 · Updated Mar 20, 2025

DoS using malicious gguf model file in ollama/ollama

CVE-2024-12055

Description

Ollama <=0.3.14 suffers from a DoS via out-of-bounds read when processing maliciously crafted gguf model files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Root Cause

CVE-2024-12055 is a denial-of-service vulnerability in Ollama versions up to and including 0.3.14. The root cause is an out-of-bounds read in the gguf.go file, triggered when the server parses a specially crafted gguf model file [2]. This flaw allows an unauthenticated, remote attacker to crash the server by uploading a malicious model file.

Attack Vector

An attacker can craft a gguf model file that exploits the out-of-bounds read in the file parser. The file is then uploaded to a public Ollama server, which processes it and crashes [2]. The vulnerability requires no authentication and can be exploited by anyone able to upload a model; in its default configuration the server typically listens for API calls or model submissions.

Impact

Successful exploitation results in a Denial of Service (DoS) condition: the Ollama server process crashes, interrupting all model serving and API operations [2]. No data confidentiality or integrity is compromised; the impact is purely on availability.

Mitigation

The vulnerability is fixed in Ollama versions beyond 0.3.14. Users are advised to upgrade to the latest release, available from the official GitHub repository and package managers [1]. There are no publicly known workarounds for the affected versions; preventing model uploads from untrusted sources may reduce risk but is not a complete mitigation.
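The advisory does not say which read in gguf.go goes out of bounds, so the following added example (not Ollama's code and not the upstream fix) only illustrates the defensive pattern for this bug class: every count or length taken from an untrusted gguf file is compared with the bytes actually remaining before it is used. The names `readString`, `firstKey`, `sample` and `errBounds` are hypothetical, and the layout assumed is the public GGUF v2/v3 header (magic, uint32 version, two uint64 counts) followed by strings with a uint64 little-endian length prefix.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var errBounds = errors.New("gguf: declared size exceeds remaining input")

// readString decodes a GGUF string (uint64 LE length + bytes) at off.
func readString(buf []byte, off uint64) (string, uint64, error) {
	if off > uint64(len(buf)) || uint64(len(buf))-off < 8 {
		return "", 0, errBounds
	}
	n := binary.LittleEndian.Uint64(buf[off:])
	off += 8
	// Compare with the bytes left; computing off+n first could wrap around.
	if n > uint64(len(buf))-off {
		return "", 0, errBounds
	}
	return string(buf[off : off+n]), off + n, nil
}

// firstKey validates a GGUF v2/v3 header and returns the first metadata key.
func firstKey(buf []byte) (string, error) {
	if len(buf) < 24 || string(buf[:4]) != "GGUF" {
		return "", errors.New("gguf: bad magic or short header")
	}
	if v := binary.LittleEndian.Uint32(buf[4:]); v != 2 && v != 3 {
		return "", errors.New("gguf: unsupported version")
	}
	// Each metadata pair needs at least 12 bytes (key length + value type).
	if kv := binary.LittleEndian.Uint64(buf[16:]); kv == 0 || kv > uint64(len(buf)-24)/12 {
		return "", errBounds
	}
	key, _, err := readString(buf, 24)
	return key, err
}

// sample builds a constructed file whose first key claims declaredLen bytes.
func sample(declaredLen uint64, key string) []byte {
	b := append([]byte("GGUF"), 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) // version 3, tensor count 0
	b = binary.LittleEndian.AppendUint64(b, 1)                      // one metadata pair
	b = binary.LittleEndian.AppendUint64(b, declaredLen)
	return append(append(b, key...), 4, 0, 0, 0, 1, 0, 0, 0) // uint32 value
}

func main() { fmt.Println(firstKey(sample(1<<62, "general.architecture"))) }
```

A check like this can sit in front of an upload or import path to reject malformed files early, but it covers only the header and first key and does not replace upgrading.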

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| github.com/ollama/ollama (Go) | <= 0.3.14 | |

Affected products

3

Patches

0

No patches discovered yet.

References

3
