CVE-2025-65637

HIGH

RHSA-2026:12273 Red Hat Security Advisory: OpenShift Container Platform 4.12.88 packages and security update

Details

CVSS v3: 7.5
NVD published: 2025-12-04 19:16:05
EPSS: <0.1% probability · 11.5th percentile — 2026-05-08
Affected versions: cpe:2.3:a:turbopuffer:logrus:*:*:*:*:*:go:*:* cpe:2.3:a:turbopuffer:logrus:1.9.0:*:*:*:*:go:*:* cpe:2.3:a:turbopuffer:logrus:1.9.2:*:*:*:*:go:*:*
Summary: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.
Remediation: Not available in our cache.
Exploit info: https://github.com/mjuanxd/logrus-dos-poc https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md https://github.com/sirupsen/logrus/issues/1370 https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.