Cyber Resilience

CVE-2024-12055

HighPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
13 May 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0007 21.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-12055 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Ollama Ollama. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 21.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as NLP and Transformers; in the Data-Related Vulnerabilities risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-12055 is a vulnerability in Ollama versions up to and including 0.3.14, stemming from an out-of-bounds read in the gguf.go file and classified under CWE-125. This flaw allows a malicious user to create a customized GGUF model file that can be uploaded to a public Ollama server. When the server processes the malicious model, it crashes, resulting in a Denial of Service (DoS) condition. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high availability impact.

Any unauthenticated attacker with network access can exploit this vulnerability due to its lack of prerequisite privileges or user interaction. By crafting and uploading the malicious GGUF model file to the public Ollama server, the attacker triggers the out-of-bounds read during model processing, causing the server to crash and disrupting service availability for all users.

For mitigation details, security practitioners should consult the advisory referenced at https://huntr.com/bounties/7b111d55-8215-4727-8807-c5ed4cf1bfbe, which documents the issue discovered through a bug bounty program. Upgrading to Ollama versions beyond 0.3.14 is implied as a resolution based on the affected version scope.

EU & UK References

Vulnerability details

A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of…

more

Service (DoS) attack. The root cause of the issue is an out-of-bounds read in the gguf.go file.

CWE(s)

AI Security AnalysisAI

AI Category
NLP and Transformers
Risk Domain
Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ollama

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability enables a denial of service by uploading a malicious gguf model file to the public Ollama server, causing an out-of-bounds read crash during processing, matching application exploitation for endpoint DoS.

CVEs Like This One

CVE-2025-0315Same product: Ollama Ollama
CVE-2025-0317Same product: Ollama Ollama
CVE-2025-0312Same product: Ollama Ollama
CVE-2025-66960Same product: Ollama Ollama
CVE-2024-8063Same product: Ollama Ollama
CVE-2025-66959Same product: Ollama Ollama
CVE-2026-7482Same product: Ollama Ollama
CVE-2025-15514Same product: Ollama Ollama
CVE-2025-63389Same product: Ollama Ollama
CVE-2026-23388Shared CWE-125

Affected Assets

ollama
ollama
≤ 0.3.14

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Remediating the out-of-bounds read flaw in gguf.go by patching to Ollama versions beyond 0.3.14 directly eliminates the vulnerability causing the server crash.

prevent

Validating uploaded GGUF model files for proper structure and bounds before processing prevents malicious inputs from triggering the out-of-bounds read.

prevent

Implementing denial-of-service protections mitigates server crashes from processing malicious GGUF files on public Ollama servers.

References