data/reports: add 4 reports

  - data/reports/GO-2025-3548.yaml
  - data/reports/GO-2025-3557.yaml
  - data/reports/GO-2025-3558.yaml
  - data/reports/GO-2025-3559.yaml

Updates #3548
Updates #3557
Updates #3558
Updates #3559

Change-Id: Iacc79cac5755612918f95062b7917700630c3a3e
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/661355
Reviewed-by: Damien Neil <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Neal Patel <[email protected]>

Author: thatnealpatel

data/osv/GO-2025-3548.json

@@ -0,0 +1,45 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2025-3548",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-12886",
+    "GHSA-v464-r2r9-www7"
+  ],
+  "summary": "Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP in github.com/ollama/ollama",
+  "details": "Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP in github.com/ollama/ollama",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/ollama/ollama",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-v464-r2r9-www7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.com/bounties/f115fe52-58af-4844-ad29-b1c25f7245df"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2025-3548",
+    "review_status": "REVIEWED"
+  }
+}

data/osv/GO-2025-3557.json

@@ -0,0 +1,45 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2025-3557",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2025-0315",
+    "GHSA-fccc-8m69-8r78"
+  ],
+  "summary": "Ollama Allocation of Resources Without Limits or Throttling vulnerability in github.com/ollama/ollama",
+  "details": "Ollama Allocation of Resources Without Limits or Throttling vulnerability in github.com/ollama/ollama",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/ollama/ollama",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-fccc-8m69-8r78"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.com/bounties/da414d29-b55a-496f-b135-17e0fcec67bc"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2025-3557",
+    "review_status": "REVIEWED"
+  }
+}

data/osv/GO-2025-3558.json

@@ -0,0 +1,45 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2025-3558",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2024-12055",
+    "GHSA-89qx-m49c-8crf"
+  ],
+  "summary": "Ollama Allows Out-of-Bounds Read in github.com/ollama/ollama",
+  "details": "Ollama Allows Out-of-Bounds Read in github.com/ollama/ollama",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/ollama/ollama",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-89qx-m49c-8crf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.com/bounties/7b111d55-8215-4727-8807-c5ed4cf1bfbe"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2025-3558",
+    "review_status": "REVIEWED"
+  }
+}

data/osv/GO-2025-3559.json

@@ -0,0 +1,45 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2025-3559",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2025-0317",
+    "GHSA-9gcr-28rp-cc24"
+  ],
+  "summary": "Ollama Divide By Zero vulnerability in github.com/ollama/ollama",
+  "details": "Ollama Divide By Zero vulnerability in github.com/ollama/ollama",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/ollama/ollama",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-9gcr-28rp-cc24"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.com/bounties/a9951bca-9bd8-49b2-b143-4cd4219f9fa0"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2025-3559",
+    "review_status": "REVIEWED"
+  }
+}

data/reports/GO-2025-3548.yaml

@@ -0,0 +1,20 @@
+id: GO-2025-3548
+modules:
+    - module: github.com/ollama/ollama
+      vulnerable_at: 0.6.3
+summary: |-
+    Ollama Vulnerable to Denial of Service (DoS) via Crafted GZIP in
+    github.com/ollama/ollama
+cves:
+    - CVE-2024-12886
+ghsas:
+    - GHSA-v464-r2r9-www7
+references:
+    - advisory: https://github.com/advisories/GHSA-v464-r2r9-www7
+    - web: https://huntr.com/bounties/f115fe52-58af-4844-ad29-b1c25f7245df
+notes:
+    - No patch has been published at this time.
+source:
+    id: GHSA-v464-r2r9-www7
+    created: 2025-03-27T14:47:34.822586-04:00
+review_status: REVIEWED

data/reports/GO-2025-3557.yaml

@@ -0,0 +1,20 @@
+id: GO-2025-3557
+modules:
+    - module: github.com/ollama/ollama
+      vulnerable_at: 0.6.3
+summary: |-
+    Ollama Allocation of Resources Without Limits or Throttling vulnerability in
+    github.com/ollama/ollama
+cves:
+    - CVE-2025-0315
+ghsas:
+    - GHSA-fccc-8m69-8r78
+references:
+    - advisory: https://github.com/advisories/GHSA-fccc-8m69-8r78
+    - web: https://huntr.com/bounties/da414d29-b55a-496f-b135-17e0fcec67bc
+notes:
+    - No patch has been published at this time.
+source:
+    id: GHSA-fccc-8m69-8r78
+    created: 2025-03-27T14:47:45.518137-04:00
+review_status: REVIEWED

data/reports/GO-2025-3558.yaml

@@ -0,0 +1,18 @@
+id: GO-2025-3558
+modules:
+    - module: github.com/ollama/ollama
+      vulnerable_at: 0.6.3
+summary: Ollama Allows Out-of-Bounds Read in github.com/ollama/ollama
+cves:
+    - CVE-2024-12055
+ghsas:
+    - GHSA-89qx-m49c-8crf
+references:
+    - advisory: https://github.com/advisories/GHSA-89qx-m49c-8crf
+    - web: https://huntr.com/bounties/7b111d55-8215-4727-8807-c5ed4cf1bfbe
+notes:
+    - No patch has been published at this time.
+source:
+    id: GHSA-89qx-m49c-8crf
+    created: 2025-03-27T14:47:52.319054-04:00
+review_status: REVIEWED

data/reports/GO-2025-3559.yaml

@@ -0,0 +1,18 @@
+id: GO-2025-3559
+modules:
+    - module: github.com/ollama/ollama
+      vulnerable_at: 0.6.3
+summary: Ollama Divide By Zero vulnerability in github.com/ollama/ollama
+cves:
+    - CVE-2025-0317
+ghsas:
+    - GHSA-9gcr-28rp-cc24
+references:
+    - advisory: https://github.com/advisories/GHSA-9gcr-28rp-cc24
+    - web: https://huntr.com/bounties/a9951bca-9bd8-49b2-b143-4cd4219f9fa0
+notes:
+    - No patch has been published at this time.
+source:
+    id: GHSA-9gcr-28rp-cc24
+    created: 2025-03-27T14:47:58.941118-04:00
+review_status: REVIEWED