Home > Vulnerability Database > CVE-2024-12886

Mend.io Vulnerability Database

CVE-2024-12886

Date: March 20, 2025

An Out-Of-Memory (OOM) vulnerability exists in the "ollama" server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the "ollama" server crashing. The vulnerability is present in the "makeRequestWithRetry" and "getAuthorizationToken" functions, which use "io.ReadAll" to read the response body. This can result in excessive memory usage and a Denial of Service (DoS) condition.

Severity Score

7.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-12886

Url: https://github.com/ollama/ollama

Url: https://github.com/advisories/GHSA-v464-r2r9-www7

Url: https://huntr.com/bounties/f115fe52-58af-4844-ad29-b1c25f7245df

Url: https://www.mend.io/vulnerability-database/CVE-2024-12886

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-12886

Date: March 20, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?