VDB
RHSA-2026%3A1004
RHSA-2026%3A1004
PUBLISHED
CVSS 7.5 HIGH
A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer() processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying writer pipe to close. In affected versions, this leaves the Writer interface unusable and can disrupt logging functionality, potentially degrading application availability.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:71b303e2f59319a77c6aaa8259576085d84eda855693bbddc10391c217ad80e0_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:71b303e2f59319a77c6aaa8259576085d84eda855693bbddc10391c217ad80e0_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-sriov-dp-admission-controller@sha256:ad30c480c58432fa0149b81bfd90f9352a7b01da3f7b6278689ceae3365f1f14_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, registry.redhat.io/openshift4/ose-sriov-dp-admission-controller@sha256:ad30c480c58432fa0149b81bfd90f9352a7b01da3f7b6278689ceae3365f1f14_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:55fb0fa279ffeafdd6f098a6b967e533bd45a1fd3a3947f36c405e9eebe3aed7_s390x as a component of Red Hat OpenShift Container Platform 4.14 | *, registry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:55fb0fa279ffeafdd6f098a6b967e533bd45a1fd3a3947f36c405e9eebe3aed7_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:f41821a8106fe0b470c9ee935628b9457893adaaa2fdd26b905c7d2bcae16ec8_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:f41821a8106fe0b470c9ee935628b9457893adaaa2fdd26b905c7d2bcae16ec8_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-sriov-dp-admission-controller@sha256:0c4d2d801365cb7d930b30f8fd8dc2f0014b986e52e9b9e01535440a74ae1ad9_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
| Red Hat | registry.redhat.io/openshift4/nmstate-console-plugin-rhel8@sha256:12865dd331ae92b5ab97bf251057dc9172b473364445aeb2ee7e3ee69cf9bc96_s390x as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/nmstate-console-plugin-rhel8@sha256:12865dd331ae92b5ab97bf251057dc9172b473364445aeb2ee7e3ee69cf9bc96_s390x, * |
| Red Hat | registry.redhat.io/openshift4/cloud-event-proxy-rhel8@sha256:1f292cb1128d143b935ca01784676e00dceb9a2b5201469c4918ffab98a1af2b_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/cloud-event-proxy-rhel8@sha256:1f292cb1128d143b935ca01784676e00dceb9a2b5201469c4918ffab98a1af2b_arm64, * |
| Red Hat | registry.redhat.io/openshift4/ose-egress-router@sha256:e518f945388bc422643945920ca07639f20cd76e11fd7af07102a0200141111a_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, registry.redhat.io/openshift4/ose-egress-router@sha256:e518f945388bc422643945920ca07639f20cd76e11fd7af07102a0200141111a_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-operator-sdk-rhel8@sha256:e9412c088ecda6dd399c93473ecceb93afc507654c85ada3ef6717ec00abd83d_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | * |
| Red Hat | registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8@sha256:00e672b60409ace3511b563a1dc50aa74355a46385d62f2b5715414ecabe044a_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8@sha256:00e672b60409ace3511b563a1dc50aa74355a46385d62f2b5715414ecabe044a_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-sriov-dp-admission-controller@sha256:0c4d2d801365cb7d930b30f8fd8dc2f0014b986e52e9b9e01535440a74ae1ad9_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-sriov-dp-admission-controller@sha256:0c4d2d801365cb7d930b30f8fd8dc2f0014b986e52e9b9e01535440a74ae1ad9_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:71c3d0cc3e101bd9004861e10a2cfdbb585ce16917e991142bd3035257658c7f_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:71c3d0cc3e101bd9004861e10a2cfdbb585ce16917e991142bd3035257658c7f_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:4f5d15f2ced5eea7ad2294149b6b5f0df37f34f5d1984a55edbdebab8b2eb42d_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:4f5d15f2ced5eea7ad2294149b6b5f0df37f34f5d1984a55edbdebab8b2eb42d_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:fb348fee33ae66f171ba1fbba8c2a279d99f0133c47139c0553082eb79e4e6b0_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:fb348fee33ae66f171ba1fbba8c2a279d99f0133c47139c0553082eb79e4e6b0_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:6854d5b0c7b8d21d155d626b8c26b5ec61c7deef083dad25dd2eb7e520f3ba9f_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:6854d5b0c7b8d21d155d626b8c26b5ec61c7deef083dad25dd2eb7e520f3ba9f_arm64, * |
| Red Hat | registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:39d0af858c79257512d43a43af1ce34249c1b755d27bafd5c6ef678c3f5ce623_s390x as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:39d0af858c79257512d43a43af1ce34249c1b755d27bafd5c6ef678c3f5ce623_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-ptp-rhel9@sha256:7b676c4ef70b99f206d01a0e8356476c3cdfb24001a1c4fde9b16b27ecec2268_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-ptp-rhel9@sha256:7b676c4ef70b99f206d01a0e8356476c3cdfb24001a1c4fde9b16b27ecec2268_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:97020a81f7abcbc6458a69328b9f687924c6e5fec3337436d392c00bc17bb885_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:97020a81f7abcbc6458a69328b9f687924c6e5fec3337436d392c00bc17bb885_amd64, * |
| Red Hat | registry.redhat.io/openshift4/ose-operator-sdk-rhel8@sha256:e9412c088ecda6dd399c93473ecceb93afc507654c85ada3ef6717ec00abd83d_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | *, registry.redhat.io/openshift4/ose-operator-sdk-rhel8@sha256:e9412c088ecda6dd399c93473ecceb93afc507654c85ada3ef6717ec00abd83d_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-sriov-network-device-plugin@sha256:ede4c1fb392afea2550e3d7b149d249ca4e2163cff9f2e04ab9c110589a74d0e_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-sriov-network-device-plugin@sha256:ede4c1fb392afea2550e3d7b149d249ca4e2163cff9f2e04ab9c110589a74d0e_amd64 |
…and 296 more
Timeline
- Jan 30, 2026 CVE Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- May 13, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:1004 advisory
- https://access.redhat.com/security/cve/CVE-2025-65637 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1004.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418900 issue
- https://www.cve.org/CVERecord?id=CVE-2025-65637 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-65637 advisory
- https://github.com/mjuanxd/logrus-dos-poc exploit
- https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md exploit
- https://github.com/sirupsen/logrus/issues/1370 advisory
- https://github.com/sirupsen/logrus/pull/1376 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.8.3 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.1 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.3 advisory
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391 advisory