We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-1975

Improper Validation of Array Index in ollama/ollama



Description

A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.

Reserved 2025-03-04 | Published 2025-05-16 | Updated 2025-05-16 | Assigner @huntr_ai


HIGH: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-129 Improper Validation of Array Index

Product status

Any version
affected

References

huntr.com/bounties/921ba5d4-f1d0-4c66-9764-4f72dffe7acd

cve.org (CVE-2025-1975)

nvd.nist.gov (CVE-2025-1975)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-1975

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.