Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Out-Of-Memory (OOM) Vulnerability in ollama/ollama
Vulnerability Description
An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the `makeRequestWithRetry` and `getAuthorizationToken` functions, which use `io.ReadAll` to read the response body. This can result in excessive memory usage and a Denial of Service (DoS) condition.
CVSS Information
N/A
Vulnerability Type
对高度压缩数据的处理不恰当(数据放大攻击)
Vulnerability Title
Ollama 资源管理错误漏洞
Vulnerability Description
Ollama是Ollama开源的一个可以在本地启动并运行的大型语言模型。 Ollama 0.3.14版本存在资源管理错误漏洞,该漏洞源于未正确处理gzip炸弹响应,可能导致内存耗尽和拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A