CVE-2025-0317

HIGH

ollama/ollama <=0.3.14 - DoS

Title source: llm

Description

A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service (DoS) attack.

References (1)

[Exploit, Third Party Advisory] https://huntr.com/bounties/a9951bca-9bd8-49b2-b143-4cd4219f9fa0

Scores

CVSS v3 7.5

EPSS 0.0044

EPSS Percentile 63.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-369

Status published

Affected Products (2)

ollama/ollama < 0.3.14

ollama/ollama Go

Timeline

Published Mar 20, 2025

Tracked Since Feb 18, 2026