CVE-2025-0317: Ollama Divide By Zero vulnerability

March 20, 2025 (updated March 22, 2025)

A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service (DoS) attack.

References

github.com/advisories/GHSA-9gcr-28rp-cc24
github.com/ollama/ollama
huntr.com/bounties/a9951bca-9bd8-49b2-b143-4cd4219f9fa0
nvd.nist.gov/vuln/detail/CVE-2025-0317

Code Behaviors & Features

Detect and mitigate CVE-2025-0317 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →