Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DoS using malicious gguf model file in ollama/ollama
Vulnerability Description
A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of the issue is an out-of-bounds read in the gguf.go file.
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
Ollama 缓冲区错误漏洞
Vulnerability Description
Ollama是Ollama开源的一个可以在本地启动并运行的大型语言模型。 Ollama 0.3.14及之前版本存在缓冲区错误漏洞,该漏洞源于gguf.go文件中越界读取,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A