CVE-2025-66960
BaseFortify
Publication date: 2026-01-21
Last updated on: 2026-02-02
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ollama | ollama | 0.12.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-66960 is a remote, unauthenticated denial-of-service (DoS) vulnerability in Ollama's GGUF decoder, specifically in the function readGGUFV1String in fs/ggml/gguf.go. The function reads a string length from untrusted GGUF metadata and uses it without validating it (no bounds check against the data actually present and no guard against integer overflow). When the resulting length is passed to bytes.Buffer.Truncate it falls outside the buffer's valid range, the Go runtime panics with "bytes.Buffer: truncation out of range", and the server process terminates. An attacker triggers this by uploading a crafted GGUF file through the /api/blobs endpoint and then creating a model that references it through /api/create; the affected version listed above is 0.12.10. [1]
How can this vulnerability impact me?
A remote attacker who can reach the Ollama API can crash the server without authenticating: uploading a malicious GGUF file and creating a model that references it triggers the panic and terminates the process. The result is loss of availability of the affected service: every API endpoint stops responding until the process is restarted, and the attacker can repeat the request whenever it comes back. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation leaves a distinctive trace: the Ollama process exits with a Go panic whose message is "bytes.Buffer: truncation out of range" and whose stack trace names readGGUFV1String in fs/ggml/gguf.go. Search wherever the server's stdout is collected (for a systemd installation, journalctl -u ollama; otherwise grep the log file) for that message, and correlate it with preceding POST requests to /api/blobs followed by POST requests to /api/create. Repeated crash-and-restart cycles shortly after such request pairs, especially from hosts that are not expected to load models, indicate active exploitation. To confirm the vulnerability itself, use the proof-of-concept (PoC) referenced in [1]: upload a crafted GGUF file with a POST to /api/blobs, create a model referencing it with a POST to /api/create (curl is sufficient for both), and check whether the server panics. Because a successful check crashes the server, run it only against a test instance, never against production. [1]
What immediate steps should I take to mitigate this vulnerability?
Until a patched release is applied, restrict or disable the ability of untrusted clients to upload GGUF files via /api/blobs and to create models via /api/create. In practice this means not exposing the Ollama API directly to untrusted networks: bind it to localhost or a private interface, place an authenticating reverse proxy in front of it, and block or alert on requests to these two endpoints from anyone other than trusted users. Validating or filtering uploaded GGUF metadata before it reaches the decoder (for example, rejecting files whose declared string lengths do not fit the file) reduces exposure further. Finally, run the server under a supervisor that restarts it after a crash so that a single malicious request does not leave the service down, while recognising that a restart alone does not stop an attacker from repeating the request. [1]
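The explanation above attributes the crash to a length taken from untrusted metadata and passed unchecked to bytes.Buffer.Truncate, and the mitigation section recommends validating that metadata before the decoder uses it. The following Go example, added here as an illustration and not taken from Ollama's source, reconstructs that pattern: readV1StringVulnerable mirrors the unchecked length-then-Truncate sequence the advisory describes (the uint32 length prefix and the trailing NUL it trims are assumptions about the GGUF v1 encoding, chosen so the example runs), while readV1StringHardened shows the checks a decoder needs so that a zero, oversized, or out-of-file length is reported as an error instead of a panic. The sample inputs are constructed inline.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// maxStringLen is an assumed upper bound on a single metadata string,
// chosen for this example; a real decoder would pick a value that fits
// the largest legitimate key or value it expects.
const maxStringLen = 1 << 20

// readV1StringVulnerable reconstructs the unchecked pattern described in
// the advisory (not Ollama's code): read a length from untrusted input,
// copy that many bytes, then call Truncate to drop a trailing NUL without
// confirming a byte is there. A declared length of zero makes
// b.Len()-1 == -1, and bytes.Buffer.Truncate panics with
// "bytes.Buffer: truncation out of range".
func readV1StringVulnerable(r io.Reader) (string, error) {
	var n uint32
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return "", err
	}
	var b bytes.Buffer
	if _, err := io.CopyN(&b, r, int64(n)); err != nil {
		return "", err
	}
	b.Truncate(b.Len() - 1) // panics when n == 0
	return b.String(), nil
}

// readV1StringHardened validates the declared length before it allocates
// or truncates anything. remaining is the number of bytes still available
// in r, counted before the 4-byte length prefix is read.
func readV1StringHardened(r io.Reader, remaining int64) (string, error) {
	var n uint32
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return "", err
	}
	length := int64(n)
	avail := remaining - 4
	switch {
	case length == 0:
		return "", errors.New("gguf v1 string: zero length, no terminator present")
	case length > maxStringLen:
		return "", fmt.Errorf("gguf v1 string: length %d exceeds cap %d", length, maxStringLen)
	case length > avail:
		return "", fmt.Errorf("gguf v1 string: length %d exceeds %d bytes remaining", length, avail)
	}
	buf := make([]byte, length)
	if _, err := io.ReadFull(r, buf); err != nil {
		return "", err
	}
	return string(bytes.TrimSuffix(buf, []byte{0})), nil
}

// panics reports whether f panics, so the vulnerable reader can be
// exercised without taking the whole program down.
func panics(f func()) (p bool) {
	defer func() {
		if recover() != nil {
			p = true
		}
	}()
	f()
	return false
}

// sample builds a constructed, well-formed v1 string record:
// little-endian uint32 length (including the NUL), then the bytes, then NUL.
func sample(s string) []byte {
	out := make([]byte, 4)
	binary.LittleEndian.PutUint32(out, uint32(len(s)+1))
	return append(append(out, s...), 0)
}

// zeroLength is a constructed record whose declared length is 0: the
// minimal input that trips the unchecked Truncate.
var zeroLength = []byte{0, 0, 0, 0}

func main() {
	good := sample("general.architecture")
	s, err := readV1StringHardened(bytes.NewReader(good), int64(len(good)))
	fmt.Println("hardened, good input:", s, err)
	fmt.Println("vulnerable panics on zero length:",
		panics(func() { readV1StringVulnerable(bytes.NewReader(zeroLength)) }))
	_, err = readV1StringHardened(bytes.NewReader(zeroLength), int64(len(zeroLength)))
	fmt.Println("hardened, zero length:", err)
}
```

The hardened reader also bounds the length against both a fixed cap and the bytes actually left in the input, which is the check that addresses the CWE-400 side of the advisory: a decoder that trusts a multi-gigabyte declared length will otherwise try to allocate or copy that much before it discovers the file is short.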