VDB
RHSA-2026%3A2673
RHSA-2026%3A2673
PUBLISHED
CVSS 7.5 HIGH
A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer() processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying writer pipe to close. In affected versions, this leaves the Writer interface unusable and can disrupt logging functionality, potentially degrading application availability.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift4/ose-sriov-network-config-daemon-rhel9@sha256:dabb2af74f8bb8d68cdece9efda671ecef132c0f920da65cf091531d74c97b17_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-sriov-network-config-daemon-rhel9@sha256:dabb2af74f8bb8d68cdece9efda671ecef132c0f920da65cf091531d74c97b17_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel9@sha256:34e34d86baa2e58b08cdaab17eedc0da365fdbc783cb37a359194c18a0950340_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | *, registry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel9@sha256:34e34d86baa2e58b08cdaab17eedc0da365fdbc783cb37a359194c18a0950340_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-local-storage-rhel9-operator@sha256:09e1b0c7e5831d84ac9d819b3f80f6091d8a127e24863b5e531e78e6c9945c3d_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-local-storage-rhel9-operator@sha256:09e1b0c7e5831d84ac9d819b3f80f6091d8a127e24863b5e531e78e6c9945c3d_amd64, * |
| Red Hat | registry.redhat.io/openshift4/ose-sriov-network-device-plugin-rhel9@sha256:cc751779949c3e4bc2d35a16c8fd3f736b466e744bdbf7dbe0a5ff95e90d3fd1_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-sriov-network-device-plugin-rhel9@sha256:cc751779949c3e4bc2d35a16c8fd3f736b466e744bdbf7dbe0a5ff95e90d3fd1_ppc64le, * |
| Red Hat | registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel9@sha256:17780b2988451a201ce0b8b03419412fb929f5d319a88c855c8f5a961833385a_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel9@sha256:17780b2988451a201ce0b8b03419412fb929f5d319a88c855c8f5a961833385a_amd64, * |
| Red Hat | registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel9@sha256:ad0864249dab7015c03479d1608e7b851ff205bb54b922b61662d82dc76b1f10_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | * |
| Red Hat | registry.redhat.io/openshift4/ose-ptp-rhel9@sha256:1a3bfce542c46b7a896d187ad21c19042ab8f32c7b15704229c7d8a4a43975aa_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-ptp-rhel9@sha256:1a3bfce542c46b7a896d187ad21c19042ab8f32c7b15704229c7d8a4a43975aa_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-local-storage-mustgather-rhel9@sha256:ae465f76e687c9367e46a789c917622f992801d7c0f3e3dfc6b717860c754b50_s390x as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-local-storage-mustgather-rhel9@sha256:ae465f76e687c9367e46a789c917622f992801d7c0f3e3dfc6b717860c754b50_s390x, * |
| Red Hat | registry.redhat.io/openshift4/ptp-must-gather-rhel9@sha256:50ff7dbe06740a322ad9d52911d364c509ee9cf2af101231e392fbf3fb0d35ce_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ptp-must-gather-rhel9@sha256:50ff7dbe06740a322ad9d52911d364c509ee9cf2af101231e392fbf3fb0d35ce_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-ansible-rhel9-operator@sha256:1263433dbca37b36a0497eafac48ddd5e496ba465d6a83bbee1b89150d7f338c_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-ansible-rhel9-operator@sha256:1263433dbca37b36a0497eafac48ddd5e496ba465d6a83bbee1b89150d7f338c_arm64 |
| Red Hat | registry.redhat.io/openshift4/kube-compare-artifacts-rhel9@sha256:d2fd1f6ee5f14ff3a50abf70b2cde1e68767db55bf03df22e92a1279dc910f0e_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/kube-compare-artifacts-rhel9@sha256:d2fd1f6ee5f14ff3a50abf70b2cde1e68767db55bf03df22e92a1279dc910f0e_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-dpu-daemon-rhel9@sha256:a21da5717648f46ed5f7e30faa608649c6e1e68521d5db48231abde21e4ebfc5_amd64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-dpu-daemon-rhel9@sha256:a21da5717648f46ed5f7e30faa608649c6e1e68521d5db48231abde21e4ebfc5_amd64 |
| Red Hat | registry.redhat.io/openshift4/nmstate-console-plugin-rhel9@sha256:65896364d8599662e1c748ee8f7eb4f9edc034a9f30ade94cfcf60a8b86fd49a_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | *, * |
| Red Hat | registry.redhat.io/openshift4/metallb-rhel9@sha256:a58716ca24752cb8bf55ab17d52ecafc3b6c9c500ed436cca70d8a7979712013_s390x as a component of Red Hat OpenShift Container Platform 4.17 | *, registry.redhat.io/openshift4/metallb-rhel9@sha256:a58716ca24752cb8bf55ab17d52ecafc3b6c9c500ed436cca70d8a7979712013_s390x |
| Red Hat | registry.redhat.io/openshift4/pf-status-relay-rhel9@sha256:a09e9de2e647b521a258f5415e74be063bb37a4d668f75c06fa58b52eb6b31fd_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/pf-status-relay-rhel9@sha256:a09e9de2e647b521a258f5415e74be063bb37a4d668f75c06fa58b52eb6b31fd_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel9@sha256:bfd5b3e6f7fff106f038fec31bfacc041e416472385d3f013812a232d6953214_s390x as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel9@sha256:bfd5b3e6f7fff106f038fec31bfacc041e416472385d3f013812a232d6953214_s390x |
| Red Hat | registry.redhat.io/openshift4/rdma-cni-rhel9@sha256:893b04c978bb97702b55127b61adb039b9e8450a51d731b84475bceed7afc2e1_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-local-storage-rhel9-operator@sha256:0ed1d4442e785bade22032545e4e15387a96030f4b268c25b999b904e24bf1b7_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-ptp-rhel9-operator@sha256:33801b295b99afd00d294d695e20a57e951182c8408f8e2b813448e83ebcee82_ppc64le as a component of Red Hat OpenShift Container Platform 4.17 | *, registry.redhat.io/openshift4/ose-ptp-rhel9-operator@sha256:33801b295b99afd00d294d695e20a57e951182c8408f8e2b813448e83ebcee82_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel9@sha256:6f40413e36c98efa1da42f49b65a47d51b61991402fb482dda5ca3d2b71147e7_arm64 as a component of Red Hat OpenShift Container Platform 4.17 | registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel9@sha256:6f40413e36c98efa1da42f49b65a47d51b61991402fb482dda5ca3d2b71147e7_arm64 |
…and 362 more
Timeline
- Feb 17, 2026 CVE Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- May 13, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:2673 advisory
- https://access.redhat.com/security/cve/CVE-2025-65637 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2673.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418900 issue
- https://www.cve.org/CVERecord?id=CVE-2025-65637 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-65637 advisory
- https://github.com/mjuanxd/logrus-dos-poc exploit
- https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md exploit
- https://github.com/sirupsen/logrus/issues/1370 advisory
- https://github.com/sirupsen/logrus/pull/1376 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.8.3 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.1 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.3 advisory
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391 advisory