Ollama Ollama Denial-of-Service Vulnerability via Malicious GGUF Model Upload

Vulnerability

A denial-of-service vulnerability has been identified in Ollama Ollama versions through 0.3.14. This issue allows a malicious user to upload and create a customized GGUF model file on the Ollama server. The vulnerability arises from a division by zero error in the ggufPadding function, which can cause the server to crash.

Impact

Exploitation of this vulnerability leads to a server crash, causing a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

8.4

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

8.4

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ollama Ollama Denial-of-Service Vulnerability via Malicious GGUF Model Upload

Vulnerability

Impact

Affected Products

ollama/ollama

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating