
CVE-2024-12055: Ollama Allows Out-of-Bounds Read

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.19664%
Published: 3/20/2025
Updated: 3/22/2025
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name             | Ecosystem | Vulnerable Versions | First Patched Version
github.com/ollama/ollama | go        |                     |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability root cause is explicitly tied to an out-of-bounds read in gguf.go. In GGUF file processing, the primary entry point would be a parsing function like parseGGUF(). Without proper validation of offsets and array indices read from the file header (common in binary format parsers), malicious values could cause reads beyond allocated buffers. This matches the described attack vector where crafted model files crash the server through OOB reads. The confidence is high as this is the core parsing function implied by the file name and vulnerability type.
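The validation the analysis above asks for, as an added Go example that is not Ollama's code and not the gguf.go parser the advisory refers to: the counts read from a GGUF header are bounded by the bytes actually present before they drive any loop or allocation, and a truncated header is reported rather than read past. The header layout follows the public GGUF format; the minimum per-entry sizes and the BuildHeader test input are assumptions made for this example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// Header holds the packed little-endian fields after the "GGUF" magic:
// uint32 version, uint64 tensor count, uint64 metadata KV count.
type Header struct {
	Version uint32
	Tensors uint64
	KVPairs uint64
}

// Smallest encoding of one KV pair (8-byte key length + 4-byte type + 1-byte
// value) and of one tensor info (8-byte name length + 4-byte ndims + 4-byte type + 8-byte offset).
const minKVBytes, minTensorBytes = 13, 24

// ParseHeader decodes the header and rejects any count that the remaining
// bytes cannot back, before that count drives a loop, slice or make().
func ParseHeader(data []byte) (Header, error) {
	r := bytes.NewReader(data)
	var magic [4]byte
	if err := binary.Read(r, binary.LittleEndian, &magic); err != nil || string(magic[:]) != "GGUF" {
		return Header{}, fmt.Errorf("gguf: bad or missing magic")
	}
	var h Header
	if err := binary.Read(r, binary.LittleEndian, &h); err != nil {
		return Header{}, fmt.Errorf("gguf: truncated header: %w", err)
	}
	rem := uint64(r.Len())
	if h.KVPairs > rem/minKVBytes || h.Tensors > rem/minTensorBytes {
		return Header{}, fmt.Errorf("gguf: %d kv pairs / %d tensors cannot fit in %d bytes", h.KVPairs, h.Tensors, rem)
	}
	return h, nil
}

// BuildHeader assembles a constructed header for testing (not a real model).
func BuildHeader(version uint32, tensors, kvs uint64, body []byte) []byte {
	var b bytes.Buffer
	b.WriteString("GGUF")
	binary.Write(&b, binary.LittleEndian, Header{version, tensors, kvs})
	return append(b.Bytes(), body...)
}

func main() {
	_, err := ParseHeader(BuildHeader(3, 1<<60, 0, make([]byte, 64)))
	fmt.Println("oversized tensor count rejected:", err != nil)
}
```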


WAF Protection Rules

WAF Rule

A vulnerability in Ollama versions <=*.*.** allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS).
