Out-Of-Memory Vulnerability in ollama Server by ollama
CVE-2024-12886
7.5 HIGH
What is CVE-2024-12886?
An Out-Of-Memory (OOM) vulnerability has been identified in the ollama server, specifically in version 0.3.14. This issue can be exploited when an attacker sends a maliciously crafted HTTP response, known as a gzip bomb, to the server API. The vulnerability resides in the makeRequestWithRetry and getAuthorizationToken functions, both of which use io.ReadAll for reading response bodies. This design flaw may lead to excessive memory consumption, ultimately resulting in a service crash and a Denial of Service (DoS) condition.
Affected Version(s)
ollama/ollama <= unspecified