GGUF readArrayData() Unbounded Memory Allocation → DoS PoC
WARNING: MALICIOUS FILE. SECURITY RESEARCH ONLY.
Vulnerability
File: fs/gguf/gguf.go
Function: readArrayData()
Type: Denial of Service (Unbounded Memory Allocation / OOM)
Description
Ollama's Go GGUF parser performs no upper-bound check on the array length in readArrayData().
When reading array metadata, the element count n is taken as a uint64 straight from the file and
passed to make([]T, n), with no validation that n is within reasonable bounds or that the file
actually contains n elements. The allocation therefore happens before a single element is read.
```go
func readArrayData[T any](f *File, n uint64) (s []T, err error) {
	s = make([]T, n) // n attacker-controlled, no bounds check
	...
}
```
With array_length = 0x100000000 (2^32) and uint64 elements:
- 2^32 × 8 bytes = 32 GiB (about 34 GB) allocation attempt → OOM panic → service crash
Impact
- Severity: High (CVSS 7.5)
- Attack Vector: Upload malicious GGUF to Ollama server → OOM crash
- Authentication: None required (unauthenticated API endpoint)
- Affected Versions: Ollama with Go GGUF parser (all versions prior to patch)
Reproduction
```shell
# Upload malicious GGUF
curl -X POST http://localhost:11434/api/create -d @malicious_gguf_array_overflow.gguf
# Result: OOM panic → service crash
```
Fix
```go
func readArrayData[T any](f *File, n uint64) (s []T, err error) {
	if n > 1<<20 { // limit to ~1M elements
		return nil, errors.New("array length exceeds limit")
	}
	s = make([]T, n)
	...
}
```
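The following Go program is an added example, not Ollama's code and not the contents of the PoC file. It assumes a minimal GGUF array value layout (a uint32 element-type tag, a uint64 length, then packed little-endian elements) and shows the unbounded-allocation pattern beside a hardened reader. Besides the fixed cap from the fix above, the hardened reader checks the declared length against the bytes still unread in the input, which rejects any length the file cannot back no matter where the cap is set. The byte strings it parses are constructed inline; the names readArrayDataUnsafe, readArrayDataSafe, parseUint64Array and buildUint64Array are this example's own.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// ggufTypeUint64 is the GGUF value-type tag for uint64 (value 10 in the GGUF spec).
const ggufTypeUint64 uint32 = 10

// maxArrayLen is the fixed cap used by the fix on this page (~1M elements).
const maxArrayLen uint64 = 1 << 20

var errArrayTooLong = errors.New("gguf: array length exceeds limit")

// readArrayDataUnsafe reproduces the vulnerable pattern: n comes straight from the
// file and is passed to make() unchecked, so a header declaring 2^32 uint64 elements
// asks the runtime for 32 GiB before a single element has been read.
func readArrayDataUnsafe[T any](r io.Reader, n uint64) ([]T, error) {
	s := make([]T, n) // n attacker-controlled, no bounds check
	if err := binary.Read(r, binary.LittleEndian, s); err != nil {
		return nil, err
	}
	return s, nil
}

// readArrayDataSafe checks n against the fixed cap and, more importantly, against
// the bytes still unread (file size minus current offset): n elements of elemSize
// bytes cannot legitimately exceed what is left, so nothing is allocated for a
// length the file cannot back.
func readArrayDataSafe[T any](r io.Reader, n uint64, remaining int64) ([]T, error) {
	if n > maxArrayLen {
		return nil, fmt.Errorf("%w: %d > %d", errArrayTooLong, n, maxArrayLen)
	}
	var zero T
	elemSize := binary.Size(zero) // -1 for types binary.Read cannot handle
	if elemSize <= 0 {
		return nil, fmt.Errorf("gguf: unsupported element type %T", zero)
	}
	// Division rather than multiplication so the check itself cannot overflow.
	if remaining < 0 || n > uint64(remaining)/uint64(elemSize) {
		return nil, fmt.Errorf("gguf: %d elements of %d bytes exceed the %d bytes remaining",
			n, elemSize, remaining)
	}
	s := make([]T, n)
	if err := binary.Read(r, binary.LittleEndian, s); err != nil {
		return nil, err
	}
	return s, nil
}

// parseUint64Array reads one GGUF array value (type tag, length, elements) from buf.
func parseUint64Array(buf []byte) ([]uint64, error) {
	r := bytes.NewReader(buf)
	var elemType uint32
	if err := binary.Read(r, binary.LittleEndian, &elemType); err != nil {
		return nil, err
	}
	var n uint64
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return nil, err
	}
	if elemType != ggufTypeUint64 {
		return nil, fmt.Errorf("gguf: unexpected element type %d", elemType)
	}
	return readArrayDataSafe[uint64](r, n, int64(r.Len()))
}

// buildUint64Array constructs a GGUF array value for testing. declaredLen is written
// to the header independently of len(values), which is exactly how the malicious
// file lies: a huge length followed by almost no data. Writes to a bytes.Buffer
// never fail, so the errors are ignored.
func buildUint64Array(declaredLen uint64, values []uint64) []byte {
	var b bytes.Buffer
	_ = binary.Write(&b, binary.LittleEndian, ggufTypeUint64)
	_ = binary.Write(&b, binary.LittleEndian, declaredLen)
	_ = binary.Write(&b, binary.LittleEndian, values)
	return b.Bytes()
}

func main() {
	benign := buildUint64Array(3, []uint64{1, 2, 3})
	vals, err := parseUint64Array(benign)
	fmt.Println("benign:", vals, err) // benign: [1 2 3] <nil>

	// Constructed malicious header: claims 2^32 elements but carries 8 bytes of payload.
	malicious := buildUint64Array(1<<32, []uint64{0xdead})
	_, err = parseUint64Array(malicious)
	fmt.Println("malicious:", err) // rejected by the cap before any allocation
}
```

The fixed cap is a guess about what legitimate files contain and may need tuning per key; the remaining-bytes check is a property of the format itself, so it catches the 2^32 header with any cap, and it also catches a header that stays under the cap but still promises more elements than the file holds.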
References