ollama
cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*
- 0.3.14
A denial-of-service vulnerability causing excessive memory usage has been identified in Ollama Server version 0.3.14. This out-of-memory issue arises when a malicious API server sends a gzip bomb HTTP response, which the Ollama server processes using 'io.ReadAll' in the 'makeRequestWithRetry' and 'getAuthorizationToken' functions. The result is a server crash due to the overwhelming memory consumption.
Exploitation of this vulnerability leads to a denial-of-service condition, causing the Ollama server to crash.