VYPR

apk package

chainguard/ollama-fips

pkg:apk/chainguard/ollama-fips

Vulnerabilities (45)

  • CVE-2026-39820HigMay 7, 2026
    affected < 0fixed 0

    Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

  • CVE-2026-39819MedMay 7, 2026
    affected < 0.23.2-r0fixed 0.23.2-r0

    The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink.

  • CVE-2026-39817MedMay 7, 2026
    affected < 0.23.2-r0fixed 0.23.2-r0

    The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem.

  • CVE-2026-33814HigMay 7, 2026
    affected < 0.23.2-r0fixed 0.23.2-r0

    When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

  • CVE-2026-33811HigMay 7, 2026
    affected < 0fixed 0

    When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

  • CVE-2026-33813HigApr 21, 2026
    affected < 0.24.0-r1fixed 0.24.0-r1

    Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.

  • CVE-2026-33812MedApr 21, 2026
    affected < 0fixed 0

    Parsing a malicious font file can cause excessive memory allocation.

  • CVE-2026-32285HigMar 26, 2026
    affected < 0.18.2-r1fixed 0.18.2-r1

    The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.

  • CVE-2026-33809MedMar 25, 2026
    affected < 0.19.0-r1fixed 0.19.0-r1

    A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.

  • CVE-2026-27142MedMar 6, 2026
    affected < 0.17.7-r1fixed 0.17.7-r1

    Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escap

  • CVE-2026-27139LowMar 6, 2026
    affected < 0.17.7-r1fixed 0.17.7-r1

    On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary

  • CVE-2026-25679HigMar 6, 2026
    affected < 0.17.7-r1fixed 0.17.7-r1

    url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

  • CVE-2026-27141HigFeb 26, 2026
    affected < 0.20.0-r0fixed 0.20.0-r0

    Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

  • CVE-2025-63389Dec 18, 2025
    affected < 0.14.0-r0fixed 0.14.0-r0

    A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management op

  • CVE-2025-61729Dec 2, 2025
    affected < 0.13.1-r1fixed 0.13.1-r1

    Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a

  • CVE-2025-47914Nov 19, 2025
    affected < 0.13.0-r1fixed 0.13.0-r1

    SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

  • CVE-2025-58181Nov 19, 2025
    affected < 0.13.0-r1fixed 0.13.0-r1

    SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

  • CVE-2025-51471Jul 22, 2025
    affected < 0.12.10-r0fixed 0.12.10-r0

    Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.

  • CVE-2025-4673MedJun 11, 2025
    affected < 0.9.0-r1fixed 0.9.0-r1

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

  • CVE-2025-22874HigJun 11, 2025
    affected < 0.9.0-r1fixed 0.9.0-r1

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.