apk package

chainguard/ollama

pkg:apk/chainguard/ollama

Vulnerabilities (35)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-33814	Hig	7.5	< 0	0	May 7, 2026	When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
CVE-2026-33813	Hig	7.5	< 0.24.0-r0	0.24.0-r0	Apr 21, 2026	Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.
CVE-2026-33812	Med	6.1	< 0	0	Apr 21, 2026	Parsing a malicious font file can cause excessive memory allocation.
CVE-2026-32285	Hig	7.5	< 0.18.2-r1	0.18.2-r1	Mar 26, 2026	The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
CVE-2026-33809	Med	5.3	< 0.19.0-r1	0.19.0-r1	Mar 25, 2026	A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.
CVE-2026-27141	Hig	7.5	< 0.19.0-r2	0.19.0-r2	Feb 26, 2026	Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
CVE-2025-63389		—	< 0.14.0-r0	0.14.0-r0	Dec 18, 2025	A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management op
CVE-2025-47914		—	< 0.13.0-r1	0.13.0-r1	Nov 19, 2025	SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
CVE-2025-58181		—	< 0	0	Nov 19, 2025	SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
CVE-2025-51471		—	< 0.12.10-r0	0.12.10-r0	Jul 22, 2025	Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.
CVE-2025-4673	Med	6.8	< 0.9.0-r2	0.9.0-r2	Jun 11, 2025	Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
CVE-2025-22874	Hig	7.5	< 0.9.0-r2	0.9.0-r2	Jun 11, 2025	Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
CVE-2025-22872	Med	6.5	< 0.6.5-r1	0.6.5-r1	Apr 16, 2025	The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul
CVE-2025-22870	Med	4.4	< 0.6.0-r1	0.6.0-r1	Mar 12, 2025	Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
CVE-2025-22869		—	< 0.6.2-r0	0.6.2-r0	Feb 26, 2025	SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
CVE-2025-22866	Med	4.0	< 0.5.7-r2	0.5.7-r2	Feb 6, 2025	Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recover
CVE-2024-45338	Med	5.3	< 0.5.1-r2	0.5.1-r2	Dec 18, 2024	An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
CVE-2024-45337	Cri	9.1	< 0.5.1-r1	0.5.1-r1	Dec 12, 2024	Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that
CVE-2024-34158	Hig	7.5	< 0.3.10-r0	0.3.10-r0	Sep 6, 2024	Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
CVE-2024-34156	Hig	7.5	< 0.3.10-r0	0.3.10-r0	Sep 6, 2024	Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

CVE-2026-33814HigMay 7, 2026
affected < 0fixed 0
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
CVE-2026-33813HigApr 21, 2026
affected < 0.24.0-r0fixed 0.24.0-r0
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.
CVE-2026-33812MedApr 21, 2026
affected < 0fixed 0
Parsing a malicious font file can cause excessive memory allocation.
CVE-2026-32285HigMar 26, 2026
affected < 0.18.2-r1fixed 0.18.2-r1
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
CVE-2026-33809MedMar 25, 2026
affected < 0.19.0-r1fixed 0.19.0-r1
A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.
CVE-2026-27141HigFeb 26, 2026
affected < 0.19.0-r2fixed 0.19.0-r2
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
CVE-2025-63389Dec 18, 2025
affected < 0.14.0-r0fixed 0.14.0-r0
A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management op
CVE-2025-47914Nov 19, 2025
affected < 0.13.0-r1fixed 0.13.0-r1
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
CVE-2025-58181Nov 19, 2025
affected < 0fixed 0
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
CVE-2025-51471Jul 22, 2025
affected < 0.12.10-r0fixed 0.12.10-r0
Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.
CVE-2025-4673MedJun 11, 2025
affected < 0.9.0-r2fixed 0.9.0-r2
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
CVE-2025-22874HigJun 11, 2025
affected < 0.9.0-r2fixed 0.9.0-r2
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
CVE-2025-22872MedApr 16, 2025
affected < 0.6.5-r1fixed 0.6.5-r1
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul
CVE-2025-22870MedMar 12, 2025
affected < 0.6.0-r1fixed 0.6.0-r1
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
CVE-2025-22869Feb 26, 2025
affected < 0.6.2-r0fixed 0.6.2-r0
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
CVE-2025-22866MedFeb 6, 2025
affected < 0.5.7-r2fixed 0.5.7-r2
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recover
CVE-2024-45338MedDec 18, 2024
affected < 0.5.1-r2fixed 0.5.1-r2
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
CVE-2024-45337CriDec 12, 2024
affected < 0.5.1-r1fixed 0.5.1-r1
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that
CVE-2024-34158HigSep 6, 2024
affected < 0.3.10-r0fixed 0.3.10-r0
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
CVE-2024-34156HigSep 6, 2024
affected < 0.3.10-r0fixed 0.3.10-r0
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Page 1 of 2