Ollama Denial-of-Service Vulnerability in GGUF Decoder

Vulnerability

A denial-of-service vulnerability has been identified in Ollama version 0.12.10. This issue allows remote attackers to cause the server to panic and terminate by exploiting the GGUF decoder. The vulnerability arises because the decoder allocates memory for a length read from the file without first validating it, so an out-of-range value causes a runtime error that crashes the process. The issue can be reproduced by uploading a malicious GGUF file that triggers the unchecked length handling.

Impact

Exploitation of this vulnerability causes a process crash, terminating the server instance.

Reproduction

The vulnerability can be reproduced by uploading a crafted GGUF file whose length field the GGUF decoder does not validate, for example by using the Ollama command-line interface to create a model from that file. The server panics with a 'makeslice: len out of range' error, confirming that the unchecked length reached the allocation and caused a runtime error.
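To show the bug class this advisory describes, the following is an added Go example, not Ollama's decoder: a simplified reader for the uint64 length-prefixed strings GGUF uses, in the vulnerable form beside a bounded form. The names maxStringLen, fragment and both read functions are assumptions, and the fixtures fragment builds are constructed byte strings, not real GGUF files.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

const maxStringLen = 1 << 20 // hypothetical cap on one string; a real decoder picks its own

var errBadLength = errors.New("gguf: length field out of range")

// readStringUnchecked mirrors the bug class: the uint64 length GGUF places before
// string bytes goes straight into make, so an absurd value panics with
// "makeslice: len out of range" and takes the whole process down.
func readStringUnchecked(r *bytes.Reader) (string, error) {
	var n uint64
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return "", err
	}
	buf := make([]byte, n) // unchecked: panics instead of returning an error
	_, err := io.ReadFull(r, buf)
	return string(buf), err
}

// readStringChecked bounds the length by a cap and by the bytes actually left
// before allocating, so a bad file yields an error the caller can report.
func readStringChecked(r *bytes.Reader) (string, error) {
	var n uint64
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return "", err
	}
	if n > maxStringLen || n > uint64(r.Len()) {
		return "", fmt.Errorf("%w: %d", errBadLength, n)
	}
	buf := make([]byte, n)
	_, err := io.ReadFull(r, buf)
	return string(buf), err
}

// fragment builds a constructed length-prefixed string (not a real GGUF file);
// a length far larger than len(s) models the malformed input.
func fragment(n uint64, s string) []byte {
	b := make([]byte, 8, 8+len(s))
	binary.LittleEndian.PutUint64(b, n)
	return append(b, s...)
}
```

The bounded reader rejects both a length beyond the cap and a length that exceeds the bytes remaining, so a truncated or malformed file produces a reportable error rather than a crash.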

Added: Jan 21, 2026, 6:52 PM
Updated: Jan 21, 2026, 6:52 PM

Vulnerability Rating

Custom Algorithm

spread:         2.6
impact:         2.5
exploitability: 9.1
remediation:    0.0
relevance:      2.3
threat:         6.4
urgency:        2.9
incentive:      8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.