CVE-2025-65637

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-65637

Severity

7.5

High

CVSS V3

Description

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.

References

https://images.chainguard.dev/security/CGA-x6g5-735w-j3qq
https://github.com/advisories/GHSA-4f99-4q7p-p3gh
https://images.chainguard.dev/security/CGA-rw8m-pgw7-mf7c
https://images.chainguard.dev/security/CGA-gmww-rfv5-qr97
https://images.chainguard.dev/security/CGA-fq7h-6945-52pw
https://images.chainguard.dev/security/CGA-xqgq-w438-8rwj
https://images.chainguard.dev/security/CGA-4xrr-wgrh-8h86
https://images.chainguard.dev/security/CGA-5mgm-7hwh-74jx
https://images.chainguard.dev/security/CGA-gr5r-7xmw-g4jq
https://images.chainguard.dev/security/CGA-qcmp-3rxq-vp8c
https://images.chainguard.dev/security/CGA-25fp-6rr5-fjhx
https://images.chainguard.dev/security/CGA-6jg5-gfq9-226x
https://images.chainguard.dev/security/CGA-pp65-w65v-ggxr
https://images.chainguard.dev/security/CGA-3r8c-c7hw-p545
https://images.chainguard.dev/security/CGA-9r3f-c4h6-5c73
https://images.chainguard.dev/security/CGA-3gmx-xp88-xpw3
https://images.chainguard.dev/security/CGA-wpjm-jf77-7m7w
https://images.chainguard.dev/security/CGA-xf69-hjvf-jvj4
https://images.chainguard.dev/security/CGA-294f-hpjj-p84c
https://images.chainguard.dev/security/CGA-jjhq-mwh7-fvgg
https://images.chainguard.dev/security/CGA-59gr-5wxm-wvc5
https://images.chainguard.dev/security/CGA-986r-r785-5xfp
https://images.chainguard.dev/security/CGA-w4x6-22wm-6qj3
https://images.chainguard.dev/security/CGA-mm54-j82x-x9f4
https://images.chainguard.dev/security/CGA-xw9x-h2xh-5jw7
https://images.chainguard.dev/security/CGA-cq92-hwxg-mvc7
https://images.chainguard.dev/security/CGA-r5rv-whxf-32q8
https://images.chainguard.dev/security/CGA-2q93-6h2w-9q2q
https://images.chainguard.dev/security/CGA-c34x-j4hm-69mm
https://images.chainguard.dev/security/CGA-fr3p-8pqj-4hv6
https://images.chainguard.dev/security/CGA-w924-44f3-4352
https://images.chainguard.dev/security/CGA-22f3-h44f-7396
https://images.chainguard.dev/security/CGA-7p3f-fwqq-4gjw
https://images.chainguard.dev/security/CGA-2qxr-cf2m-vh77
https://images.chainguard.dev/security/CGA-9hcp-q9fp-w88h
https://images.chainguard.dev/security/CGA-ff6q-fpxj-gpx4
https://images.chainguard.dev/security/CGA-22hr-388x-h49v
https://images.chainguard.dev/security/CGA-8v85-x58r-6cc5
https://images.chainguard.dev/security/CGA-p3wq-6p2v-vcm9
https://images.chainguard.dev/security/CGA-hgp8-h5wv-p5gw
https://images.chainguard.dev/security/CGA-v5x3-g6qg-387g
https://images.chainguard.dev/security/CGA-4h6h-m287-h4rj
https://images.chainguard.dev/security/CGA-66g6-vh3r-m996
https://images.chainguard.dev/security/CGA-6m38-83rm-3vww
https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md
https://github.com/sirupsen/logrus/releases/tag/v1.8.3
https://github.com/sirupsen/logrus/releases/tag/v1.9.1
https://github.com/sirupsen/logrus/releases/tag/v1.9.3
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391
https://github.com/sirupsen/logrus/issues/1370
https://github.com/sirupsen/logrus/pull/1376
https://github.com/mjuanxd/logrus-dos-poc

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-65637

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company