Out-Of-Memory Vulnerability in ollama Server by ollama
CVE-2024-12886
What is CVE-2024-12886?
An Out-Of-Memory (OOM) vulnerability has been identified in the ollama server, specifically in version 0.3.14. This issue can be exploited when an attacker sends a maliciously crafted HTTP response, known as a gzip bomb, to the server API. The vulnerability resides in the makeRequestWithRetry and getAuthorizationToken functions, both of which use io.ReadAll for reading response bodies. This design flaw may lead to excessive memory consumption, ultimately resulting in a service crash and a Denial of Service (DoS) condition.
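The unbounded-read pattern described above, next to a bounded alternative, as an added Go example that is not ollama's code or its fix. The names readBounded, decodeBounded, makeBomb and ErrBodyTooLarge, the 1 MiB cap and the zero-filled sample payload are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// ErrBodyTooLarge is a hypothetical error for bodies over the caller's cap.
var ErrBodyTooLarge = errors.New("response body exceeds limit")

// readBounded replaces a bare io.ReadAll(r). It asks for limit+1 bytes so an
// oversized body is rejected instead of being silently truncated.
func readBounded(r io.Reader, limit int64) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, ErrBodyTooLarge
	}
	return data, nil
}

// makeBomb builds constructed sample input: a gzip stream of n zero bytes.
func makeBomb(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, n))
	zw.Close()
	return buf.Bytes()
}

// decodeBounded inflates a gzip body with the cap applied to the decompressed
// size, which is what grows without bound when a gzip bomb is read in full.
func decodeBounded(compressed []byte, limit int64) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return readBounded(zr, limit)
}

func main() {
	bomb := makeBomb(8 << 20) // 8 MiB of zeros, a few KiB on the wire
	_, err := decodeBounded(bomb, 1<<20)
	fmt.Printf("compressed=%d bytes, bounded read: %v\n", len(bomb), err)
}
```

The cap has to sit on the decompressed stream: Go's net/http transport decompresses gzip responses transparently when it added the Accept-Encoding header itself, so a limit based on Content-Length or wire size does not bound memory use.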

Affected Version(s)
ollama/ollama <= unspecified
