GHSA-wrh5-cmwx-q2qr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wrh5-cmwx-q2qr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-wrh5-cmwx-q2qr/GHSA-wrh5-cmwx-q2qr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wrh5-cmwx-q2qr
- Aliases
- Downstream
- Published
- 2025-05-16T09:30:36Z
- Modified
- 2025-05-22T19:19:12Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Ollama Server Vulnerable to Denial of Service (DoS) Attack
- Details
-
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.
- Database specific
{ "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-129" ], "nvd_published_at": "2025-05-16T09:15:17Z", "github_reviewed_at": "2025-05-17T15:10:13Z" }- References
Affected packages
Go / github.com/ollama/ollama
Package
- Name
- github.com/ollama/ollama
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/ollama/ollama