CNNVD-202601-3371 Information

CNNVD ID

CNNVD-202601-3371

CVE-2025-66960

  • CNNVD Published: 2026-01-21

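Description (translated from Chinese)

Ollama is an open-source tool from Ollama for running, managing and customizing large language models on local devices. Ollama version 0.12.10 has a security vulnerability that stems from the readGGUFV1String function in fs/ggml/gguf.go reading a string length from untrusted GGUF metadata, which may allow a remote attacker to cause a denial of service.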

Description (English)

Ollama is a tool for running, managing and customizing large language models on local devices. Version 0.12.10 of Ollama contains a security vulnerability: the readGGUFV1String function in fs/ggml/gguf.go reads a string length from untrusted GGUF metadata, which may allow a remote attacker to cause a denial of service.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Ollama

Published

2026-01-21

Last Modified

2026-02-24

References

https://github.com/ollama/ollama/issues/9820
https://zero.shotlearni.ng/blog/cve-2025-66960guf-v1-string-length-cause-panic-in-readggufv1string/

Patch

https://github.com/ollama/ollama/releases
