apk package
wolfi/ollama
pkg:apk/wolfi/ollama
Vulnerabilities (37)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-46602 | — | < 0 | 0 | Jun 27, 2026 | The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption. | ||
| CVE-2026-46601 | mod | 6.5 | < 0.30.10-r1 | 0.30.10-r1 | Jun 25, 2026 | golang.org/x/image/webp: golang.org/x/image/webp: Denial of Service via malformed VP8 chunk in WebP images | |
| CVE-2026-33814 | Hig | 7.5 | < 0 | 0 | May 7, 2026 | When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. | |
| CVE-2026-33813 | Hig | 7.5 | < 0.24.0-r0 | 0.24.0-r0 | Apr 21, 2026 | Parsing a WEBP image with an invalid, large size panics on 32-bit platforms. | |
| CVE-2026-33812 | Med | 6.1 | < 0 | 0 | Apr 21, 2026 | Parsing a malicious font file can cause excessive memory allocation. | |
| CVE-2026-32285 | Hig | 7.5 | < 0.18.2-r1 | 0.18.2-r1 | Mar 26, 2026 | The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack. | |
| CVE-2026-33809 | Med | 5.3 | < 0.19.0-r1 | 0.19.0-r1 | Mar 25, 2026 | A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error. | |
| CVE-2026-27141 | Hig | 7.5 | < 0.19.0-r2 | 0.19.0-r2 | Feb 26, 2026 | Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic | |
| CVE-2025-63389 | — | < 0.14.0-r0 | 0.14.0-r0 | Dec 18, 2025 | A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management op | ||
| CVE-2025-58181 | Med | 5.3 | < 0 | 0 | Nov 19, 2025 | SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. | |
| CVE-2025-47914 | Med | 5.3 | < 0.13.0-r1 | 0.13.0-r1 | Nov 19, 2025 | SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. | |
| CVE-2025-51471 | Med | 6.9 | < 0.12.10-r0 | 0.12.10-r0 | Jul 22, 2025 | Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint. | |
| CVE-2025-4673 | Med | 6.8 | < 0.9.0-r2 | 0.9.0-r2 | Jun 11, 2025 | Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. | |
| CVE-2025-22874 | Hig | 7.5 | < 0.9.0-r2 | 0.9.0-r2 | Jun 11, 2025 | Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. | |
| CVE-2025-22872 | Med | 6.5 | < 0.6.5-r1 | 0.6.5-r1 | Apr 16, 2025 | The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul | |
| CVE-2025-22870 | Med | 4.4 | < 0.6.0-r1 | 0.6.0-r1 | Mar 12, 2025 | Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied. | |
| CVE-2025-22869 | Hig | 7.5 | < 0.6.2-r0 | 0.6.2-r0 | Feb 26, 2025 | SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. | |
| CVE-2025-22866 | Med | 4.0 | < 0.5.7-r2 | 0.5.7-r2 | Feb 6, 2025 | Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recover | |
| CVE-2024-45338 | Med | 5.3 | < 0.5.1-r2 | 0.5.1-r2 | Dec 18, 2024 | An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. | |
| CVE-2024-45337 | Cri | 9.1 | < 0.5.1-r1 | 0.5.1-r1 | Dec 12, 2024 | Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that |
- CVE-2026-46602Jun 27, 2026affected < 0fixed 0
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.
- affected < 0.30.10-r1fixed 0.30.10-r1
golang.org/x/image/webp: golang.org/x/image/webp: Denial of Service via malformed VP8 chunk in WebP images
- affected < 0fixed 0
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
- affected < 0.24.0-r0fixed 0.24.0-r0
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.
- affected < 0fixed 0
Parsing a malicious font file can cause excessive memory allocation.
- affected < 0.18.2-r1fixed 0.18.2-r1
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
- affected < 0.19.0-r1fixed 0.19.0-r1
A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.
- affected < 0.19.0-r2fixed 0.19.0-r2
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
- CVE-2025-63389Dec 18, 2025affected < 0.14.0-r0fixed 0.14.0-r0
A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management op
- affected < 0fixed 0
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
- affected < 0.13.0-r1fixed 0.13.0-r1
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
- affected < 0.12.10-r0fixed 0.12.10-r0
Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.
- affected < 0.9.0-r2fixed 0.9.0-r2
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
- affected < 0.9.0-r2fixed 0.9.0-r2
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
- affected < 0.6.5-r1fixed 0.6.5-r1
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can resul
- affected < 0.6.0-r1fixed 0.6.0-r1
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
- affected < 0.6.2-r0fixed 0.6.2-r0
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
- affected < 0.5.7-r2fixed 0.5.7-r2
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recover
- affected < 0.5.1-r2fixed 0.5.1-r2
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
- affected < 0.5.1-r1fixed 0.5.1-r1
Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that
Page 1 of 2