CVE-2025-65637

Exploit

EPSS 0.04%
Veröffentlicht 04.12.2025 00:00:00
Zuletzt bearbeitet 23.12.2025 00:26:00
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Turbopuffer ≫ Logrus SwPlatformgo Version < 1.8.3

Turbopuffer ≫ Logrus Version1.9.0 SwPlatformgo

Turbopuffer ≫ Logrus Version1.9.2 SwPlatformgo

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.097

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://github.com/mjuanxd/logrus-dos-poc

Third Party Advisory

Exploit

https://github.com/sirupsen/logrus/issues/1370

Patch

Exploit

Issue Tracking

https://github.com/sirupsen/logrus/pull/1376

Patch

Issue Tracking

https://github.com/sirupsen/logrus/releases/tag/v1.8.3

Release Notes