Bug 2418900 (CVE-2025-65637) - CVE-2025-65637 github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload
Status: NEW
Alias: CVE-2025-65637
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
Depends On: 2422162 2422163 2422164 2422166 2422168 2422169 2422171 2422172 2422173 2422174 2422176 2422177 2422178 2422179 2422180 2422181 2422182 2422183 2422184 2422185 2422187 2422188 2422189 2422190 2422191 2422192 2422193 2422194 2422196 2422197 2422198 2422199 2422200 2422201 2422202 2422203 2422204 2422205 2422206 2422207 2422208 2422209 2422210 2422165 2422167 2422170 2422175 2422186 2422195
Reported: 2025-12-04 19:01 UTC by OSIDB Bzimport
Modified: 2026-03-30 16:01 UTC (History)

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:0425 0 None None None 2026-01-12 03:35:25 UTC
Red Hat Product Errata RHSA-2026:2519 0 None None None 2026-02-11 09:33:51 UTC
Red Hat Product Errata RHSA-2026:2520 0 None None None 2026-02-11 09:42:13 UTC
Red Hat Product Errata RHSA-2026:2658 0 None None None 2026-02-18 10:26:10 UTC
Red Hat Product Errata RHSA-2026:2670 0 None None None 2026-02-18 21:23:34 UTC
Red Hat Product Errata RHSA-2026:2685 0 None None None 2026-02-12 20:03:14 UTC
Red Hat Product Errata RHSA-2026:2686 0 None None None 2026-02-12 19:48:26 UTC
Red Hat Product Errata RHSA-2026:2687 0 None None None 2026-02-12 20:05:23 UTC
Red Hat Product Errata RHSA-2026:2688 0 None None None 2026-02-12 19:57:46 UTC
Red Hat Product Errata RHSA-2026:2746 0 None None None 2026-02-23 01:33:03 UTC
Red Hat Product Errata RHSA-2026:2973 0 None None None 2026-02-26 14:47:09 UTC
Red Hat Product Errata RHSA-2026:3428 0 None None None 2026-02-26 11:21:44 UTC
Red Hat Product Errata RHSA-2026:4418 0 None None None 2026-03-19 05:52:27 UTC
Red Hat Product Errata RHSA-2026:4531 0 None None None 2026-03-12 20:53:31 UTC
Red Hat Product Errata RHSA-2026:4532 0 None None None 2026-03-12 20:57:58 UTC
Red Hat Product Errata RHSA-2026:4533 0 None None None 2026-03-12 21:31:00 UTC
Red Hat Product Errata RHSA-2026:4580 0 None None None 2026-03-19 14:08:55 UTC
Red Hat Product Errata RHSA-2026:4693 0 None None None 2026-03-17 06:41:20 UTC
Red Hat Product Errata RHSA-2026:6191 0 None None None 2026-03-30 16:01:05 UTC

Description OSIDB Bzimport 2025-12-04 19:01:18 UTC
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.
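
Added example, not part of the bug report and not logrus source code: a Go model, using only the standard library, of the pipe-plus-bufio.Scanner pattern described above, run once with the default line splitter and once with a chunking splitter. The names runWriter, chunkedLines and sample are hypothetical, and the input is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// Constructed input: one 70 KiB line with no newline, then a normal line.
var sample = []string{strings.Repeat("A", 70*1024), "after\n"}

// chunkedLines splits on newlines like bufio.ScanLines, but once max bytes are
// buffered without a newline it emits them as a token instead of failing.
func chunkedLines(max int) bufio.SplitFunc {
	return func(data []byte, atEOF bool) (int, []byte, error) {
		if adv, tok, err := bufio.ScanLines(data, atEOF); adv > 0 || len(data) < max {
			return adv, tok, err
		}
		return max, data[:max], nil
	}
}

// runWriter models a pipe-backed log writer: the caller writes into an io.Pipe
// and a goroutine scans the other end, closing it once the scanner stops.
func runWriter(split bufio.SplitFunc, payloads []string) (tokens int, scanErr error, writeErrs []error) {
	r, w := io.Pipe()
	done := make(chan struct{})
	go func() {
		defer close(done)
		sc := bufio.NewScanner(r) // default token limit: bufio.MaxScanTokenSize (64 KiB)
		sc.Split(split)
		for sc.Scan() {
			tokens++
		}
		scanErr = sc.Err()
		r.Close() // after this, every write fails with io.ErrClosedPipe
	}()
	for _, p := range payloads {
		_, err := io.WriteString(w, p)
		writeErrs = append(writeErrs, err)
	}
	w.Close()
	<-done
	return
}

func main() {
	fmt.Println(runWriter(bufio.ScanLines, sample))
	fmt.Println(runWriter(chunkedLines(bufio.MaxScanTokenSize), sample))
}
```

With bufio.ScanLines the scanner stops with bufio.ErrTooLong and the later, well-formed line is rejected too; with the chunking splitter the oversized line arrives as two tokens and the writer stays usable.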

Comment 1 errata-xmlrpc 2026-01-12 03:35:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:0425 https://access.redhat.com/errata/RHSA-2026:0425

Comment 2 errata-xmlrpc 2026-02-11 09:33:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:2519 https://access.redhat.com/errata/RHSA-2026:2519

Comment 3 errata-xmlrpc 2026-02-11 09:41:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:2520 https://access.redhat.com/errata/RHSA-2026:2520

Comment 4 errata-xmlrpc 2026-02-12 19:48:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:2686 https://access.redhat.com/errata/RHSA-2026:2686

Comment 5 errata-xmlrpc 2026-02-12 19:57:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:2688 https://access.redhat.com/errata/RHSA-2026:2688

Comment 6 errata-xmlrpc 2026-02-12 20:03:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:2685 https://access.redhat.com/errata/RHSA-2026:2685

Comment 7 errata-xmlrpc 2026-02-12 20:05:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:2687 https://access.redhat.com/errata/RHSA-2026:2687

Comment 8 errata-xmlrpc 2026-02-18 10:25:57 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2026:2658 https://access.redhat.com/errata/RHSA-2026:2658

Comment 9 errata-xmlrpc 2026-02-18 21:23:21 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2026:2670 https://access.redhat.com/errata/RHSA-2026:2670

Comment 10 errata-xmlrpc 2026-02-23 01:32:51 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2026:2746 https://access.redhat.com/errata/RHSA-2026:2746

Comment 11 errata-xmlrpc 2026-02-26 11:21:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:3428 https://access.redhat.com/errata/RHSA-2026:3428

Comment 12 errata-xmlrpc 2026-02-26 14:46:56 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2026:2973 https://access.redhat.com/errata/RHSA-2026:2973

Comment 13 errata-xmlrpc 2026-03-12 20:53:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:4531 https://access.redhat.com/errata/RHSA-2026:4531

Comment 14 errata-xmlrpc 2026-03-12 20:57:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:4532 https://access.redhat.com/errata/RHSA-2026:4532

Comment 15 errata-xmlrpc 2026-03-12 21:30:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:4533 https://access.redhat.com/errata/RHSA-2026:4533

Comment 16 errata-xmlrpc 2026-03-17 06:41:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:4693 https://access.redhat.com/errata/RHSA-2026:4693

Comment 17 errata-xmlrpc 2026-03-19 05:52:15 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2026:4418 https://access.redhat.com/errata/RHSA-2026:4418

Comment 18 errata-xmlrpc 2026-03-19 14:08:42 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2026:4580 https://access.redhat.com/errata/RHSA-2026:4580

Comment 19 errata-xmlrpc 2026-03-30 16:00:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:6191 https://access.redhat.com/errata/RHSA-2026:6191
