High severityNVD Advisory· Published May 16, 2025· Updated May 16, 2025
Improper Validation of Array Index in ollama/ollama
CVE-2025-1975
Description
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ollama/ollamaGo | <= 0.5.11 | — |
Affected products
5- osv-coords4 versionspkg:apk/chainguard/k8sgptpkg:apk/wolfi/k8sgptpkg:golang/github.com/ollama/ollamapkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
< 0.4.28-r0+ 3 more
- (no CPE)range: < 0.4.28-r0
- (no CPE)range: < 0.4.28-r0
- (no CPE)range: <= 0.5.11
- (no CPE)range: < 0.0.20250523T151856-1.1
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.