Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file, the attacker can crash the application through the CreateModel route, leading to a segmentation fault (signal SIGSEGV: segmentation violation).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ollama 安全漏洞
Vulnerability Description
Ollama是Ollama开源的一个可以在本地启动并运行的大型语言模型。 Ollama 0.1.46之前版本存在安全漏洞,该漏洞源于攻击者能通过上传畸形GGUF文件和自定义Modelfile导致应用程序崩溃,引发段错误。
CVSS Information
N/A
Vulnerability Type
N/A