Login Sign Up

CVE-2024-12055

7.5 HIGH
Denial of Service

📋 TL;DR

A vulnerability in Ollama versions up to 0.3.14 allows attackers to upload specially crafted gguf model files that cause an out-of-bounds read, crashing the server and creating a Denial of Service condition. This affects anyone running vulnerable Ollama servers, particularly those exposed to untrusted users who can upload models.

💻 Affected Systems

Products:
  • Ollama
Versions: <= 0.3.14
Operating Systems: All platforms running Ollama
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected Ollama versions are vulnerable if model upload functionality is enabled.

📦 What is this software?

Ollama by Ollama

View all CVEs affecting Ollama →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious actors could repeatedly crash Ollama servers, causing sustained service disruption and preventing legitimate users from accessing AI model services.

🟠

Likely Case

Attackers exploit this to cause temporary service outages by uploading malicious model files to vulnerable servers.

🟢

If Mitigated

With proper access controls and network segmentation, impact is limited to internal service disruption rather than complete compromise.

🌐 Internet-Facing: HIGH - Public Ollama servers are directly vulnerable to DoS attacks from any internet user who can upload models.
🏢 Internal Only: MEDIUM - Internal servers could still be targeted by malicious insiders or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to upload custom model files to the Ollama server, which typically requires some level of access or functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: > 0.3.14

Vendor Advisory: https://huntr.com/bounties/7b111d55-8215-4727-8807-c5ed4cf1bfbe

Restart Required: Yes

Instructions:

1. Update Ollama to version 0.3.15 or later. 2. Restart the Ollama service. 3. Verify the update was successful.

🔧 Temporary Workarounds

Restrict Model Uploads

all

Disable or restrict the ability for untrusted users to upload custom model files to the Ollama server.

Network Segmentation

all

Place Ollama servers behind firewalls and restrict access to trusted IP addresses only.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can upload models to the Ollama server
  • Monitor server logs for repeated crashes or suspicious model upload attempts

🔍 How to Verify

Check if Vulnerable:

Check Ollama version with 'ollama --version' and verify if it's 0.3.14 or earlier.

Check Version:

ollama --version

Verify Fix Applied:

After updating, run 'ollama --version' to confirm version is 0.3.15 or later, then test model upload functionality.

📡 Detection & Monitoring

Log Indicators:

  • Repeated Ollama service crashes
  • Error messages related to gguf parsing failures
  • Unusual model upload activity

Network Indicators:

  • Multiple failed model upload attempts from single source
  • Unusual traffic patterns to model upload endpoints

SIEM Query:

source="ollama.log" AND ("crash" OR "panic" OR "out of bounds" OR "gguf")

📊 Metadata

CVE ID: CVE-2024-12055
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-125
EPSS Score: 0.23% exploit probability (45.7th percentile)
Published: March 20, 2025
Last Updated: May 13, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-12055, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)