I responsibly disclosed 5 vulnerabilities in Ollama and LiteLLM through Huntr - now publicly disclosed after 90 days
▲ 233 r/llmsecurity+1 crossposts

I responsibly disclosed 5 vulnerabilities in Ollama and LiteLLM through Huntr - now publicly disclosed after 90 days

Over the past few months, I conducted security research on Ollama and LiteLLM and reported several vulnerabilities through Huntr's coordinated vulnerability disclosure program.

Following the standard 90 day disclosure period, the findings have now been publicly disclosed.

The research resulted in five reported vulnerabilities. In Ollama, I identified a GGUF String Length Panic vulnerability that could lead to denial of service, as well as an unbounded vocab_size resource exhaustion issue that could cause excessive memory and CPU consumption. In LiteLLM, I reported a Pass-the-Hash authentication bypass, an SSRF vulnerability through custom guardrails, and a Unicode normalization issue that could lead to sandbox escape scenarios. What stood out during this research was how many impactful security issues originated from areas that are often overlooked in AI infrastructure, including model parsing and conversion pipelines, resource allocation controls, authentication logic, network trust boundaries, and Unicode normalization edge cases.

The repositories contain technical details, root cause analyses, proof of concepts, impact assessments, remediation recommendations, and links to the published Huntr disclosures.

Ollama research:

https://github.com/regaan/ollama-security-research

LiteLLM research:

https://github.com/regaan/litellm-vulnerability-research

All research was conducted and disclosed responsibly. The published material is intended strictly for educational, defensive, and research purposes. I am happy to answer questions about the disclosure process, research methodology, root cause analysis, or AI and LLM security in general.

u/rothackers — 2 days ago

I built a fully offline password manager with no accounts or cloud sync

I built a fully offline password manager because I got tired of password managers pushing subscriptions, cloud sync, telemetry, and account systems. Lockroot is designed to be completely local, with no accounts, no cloud sync, no analytics, no ads, and an encrypted local vault only. It currently works on Android, iOS, macOS, Windows, and Linux.

For the crypto stack, I'm using Argon2id along with XChaCha20-Poly1305 and AES-256-GCM. One intentional design choice is that there’s no password recovery or backdoor reset mechanism,if the master password is lost, the vault is unrecoverable by design.

I mainly built this as a security/privacy-focused engineering project and would genuinely appreciate feedback from people here, especially around the architecture, cryptographic decisions, and overall threat model.

GitHub: https://github.com/regaan/LockRoot

Website: https://lockroot.rothackers.com

reddit.com
u/rothackers — 1 month ago