VDB
RHSA-2026%3A2977
RHSA-2026%3A2977
PUBLISHED
CVSS 7.5 HIGH
A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer() processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying writer pipe to close. In affected versions, this leaves the Writer interface unusable and can disrupt logging functionality, potentially degrading application availability.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift4/ose-azure-file-csi-driver-operator-rhel9@sha256:b93d01e02537b92afbeab5dbdc6133a4ce1b6bc41c2b8828b17bcd2d03a42dee_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-azure-file-csi-driver-operator-rhel9@sha256:b93d01e02537b92afbeab5dbdc6133a4ce1b6bc41c2b8828b17bcd2d03a42dee_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-capi-rhel9-operator@sha256:8fb340ef55952f19e723410c2cba07d6a813d8d2dd8109d405f374c8bef29e3f_amd64 as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-cluster-capi-rhel9-operator@sha256:8fb340ef55952f19e723410c2cba07d6a813d8d2dd8109d405f374c8bef29e3f_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-olm-catalogd-rhel9@sha256:ffb8197bdd4cd6a9f038e19c41debd299a6fa01957cb052dac71a86e9c1b3722_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-olm-catalogd-rhel9@sha256:ffb8197bdd4cd6a9f038e19c41debd299a6fa01957cb052dac71a86e9c1b3722_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:1e0ca00d0608b244f6d626813de4f03889d339426e4d9fac17aabc1904e45a58_ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:1e0ca00d0608b244f6d626813de4f03889d339426e4d9fac17aabc1904e45a58_ppc64le, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-cloud-controller-manager-rhel9-operator@sha256:058478a24f418191c18beed907f3d58b8466b590911b9c3ed4fb417a8676ce8c_s390x as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-cluster-cloud-controller-manager-rhel9-operator@sha256:058478a24f418191c18beed907f3d58b8466b590911b9c3ed4fb417a8676ce8c_s390x, * |
| Red Hat | registry.redhat.io/openshift4/ose-operator-lifecycle-manager-rhel9@sha256:5924d3292e68b083d001df4b17ad2522e1af6f98c97c5aa157f61a684abd63f3_ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-kube-apiserver-rhel9-operator@sha256:7879188707cb59b86628bb97ec80a9af6ff17858913c4391325cf91231eddc55_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | *, registry.redhat.io/openshift4/ose-cluster-kube-apiserver-rhel9-operator@sha256:7879188707cb59b86628bb97ec80a9af6ff17858913c4391325cf91231eddc55_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:1e0ca00d0608b244f6d626813de4f03889d339426e4d9fac17aabc1904e45a58_ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:1e0ca00d0608b244f6d626813de4f03889d339426e4d9fac17aabc1904e45a58_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-multus-route-override-cni-rhel9@sha256:d29da45390e536df70fd217c0b3305d8a83fd049820533390319756ebe6e489b_ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | * |
| Red Hat | registry.redhat.io/openshift4/ose-docker-registry-rhel9@sha256:0ca02c61642270deb284efb418016b6206141808e8131718da7a7d3063faf22e_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-docker-registry-rhel9@sha256:0ca02c61642270deb284efb418016b6206141808e8131718da7a7d3063faf22e_arm64 |
| Red Hat | registry.redhat.io/openshift4/ovirt-csi-driver-rhel9@sha256:85bf81d6e55d3b8244248975b797f1ffb6c7c452b5e30f3c2fb136a1a7f3f58c_s390x as a component of Red Hat OpenShift Container Platform 4.18 | *, * |
| Red Hat | registry.redhat.io/openshift4/driver-toolkit-rhel9@sha256:9e995728d7d4ea4fabaf827a7381417b054ac8b4146bcb2c78cbf90d6e70859d_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/driver-toolkit-rhel9@sha256:9e995728d7d4ea4fabaf827a7381417b054ac8b4146bcb2c78cbf90d6e70859d_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-csi-node-driver-registrar-rhel9@sha256:3390e724eac64c0e756dc81570512c1985aaffb2bde883460d6f8b9e3803b8a1_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-csi-node-driver-registrar-rhel9@sha256:3390e724eac64c0e756dc81570512c1985aaffb2bde883460d6f8b9e3803b8a1_arm64, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:c1048ad0e5126bbd952143b3dd9851347c547a06764e536e61915c88be6dabc3_amd64 as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:c1048ad0e5126bbd952143b3dd9851347c547a06764e536e61915c88be6dabc3_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-gcp-workload-identity-federation-webhook-rhel9@sha256:259cb057a776cd4b2be6dbf5ae36c2adad269cb6388a8babaf3edf2e9caaf4b8_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-network-rhel9-operator@sha256:dd13c1abc318eb4cbb97b9ad89149d1706d576d0705e26d313af74a6b71d52bc_s390x as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-cluster-network-rhel9-operator@sha256:dd13c1abc318eb4cbb97b9ad89149d1706d576d0705e26d313af74a6b71d52bc_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-operator-marketplace-rhel9@sha256:b714a7ada1e295b599b432f32e1fd5b74c8cdbe6fe51e95306322b25cb873914_amd64 as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-operator-marketplace-rhel9@sha256:b714a7ada1e295b599b432f32e1fd5b74c8cdbe6fe51e95306322b25cb873914_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-keepalived-ipfailover-rhel9@sha256:07b0f1258ce6f43f81079051e01b9e48679620971aed366d37b9271d8cc6f81d_amd64 as a component of Red Hat OpenShift Container Platform 4.18 | * |
| Red Hat | registry.redhat.io/openshift4/azure-kms-encryption-provider-rhel9@sha256:abcb8b25933bf734de10dd0ef29fda32a9588789f88715a80ecb4be2e34fa263_ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | *, registry.redhat.io/openshift4/azure-kms-encryption-provider-rhel9@sha256:abcb8b25933bf734de10dd0ef29fda32a9588789f88715a80ecb4be2e34fa263_ppc64le |
| Red Hat | registry.redhat.io/openshift4/cloud-network-config-controller-rhel9@sha256:b957d4ae98257babb6ce34823171f42e1bd9c323ed5baf9f9108c5cef73d963e_ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | * |
…and 1296 more
Timeline
- Feb 25, 2026 CVE Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- May 13, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:2977 advisory
- https://access.redhat.com/security/cve/CVE-2025-65637 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2977.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418900 issue
- https://www.cve.org/CVERecord?id=CVE-2025-65637 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-65637 advisory
- https://github.com/mjuanxd/logrus-dos-poc exploit
- https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md exploit
- https://github.com/sirupsen/logrus/issues/1370 advisory
- https://github.com/sirupsen/logrus/pull/1376 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.8.3 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.1 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.3 advisory
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391 advisory