VDB
RHSA-2026%3A2991
RHSA-2026%3A2991
PUBLISHED
CVSS 7.5 HIGH
A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer() processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying writer pipe to close. In affected versions, this leaves the Writer interface unusable and can disrupt logging functionality, potentially degrading application availability.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift4/ose-egress-dns-proxy@sha256:f0dbde36d73a17980b50b754dd0958dc2527c43c9269b316dd32f50f73ace3cb_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-egress-dns-proxy@sha256:f0dbde36d73a17980b50b754dd0958dc2527c43c9269b316dd32f50f73ace3cb_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel8@sha256:4e99d5afa2d785accd9833e0348ca1a2daf058112d8c6ceb6c8a6cccbdbbbf8c_s390x as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel8@sha256:4e99d5afa2d785accd9833e0348ca1a2daf058112d8c6ceb6c8a6cccbdbbbf8c_s390x |
| Red Hat | registry.redhat.io/openshift4/metallb-rhel9-operator@sha256:8acee93c27ab360074d93a00c422f2c06a12181db5ad6cd9c8092b7a3a13e332_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel8@sha256:f2d5d8844cecf27553d381c0068c288d9e7d32756deb1b5986b3bc077ccd00ea_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel8@sha256:f2d5d8844cecf27553d381c0068c288d9e7d32756deb1b5986b3bc077ccd00ea_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-sriov-network-operator@sha256:b828663259f7dacd555ba6e69482784ed79a062ad81b6fe10d5991e223cb542f_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | * |
| Red Hat | registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:88255ee74a82871794b6fc1da59cae48e0dde23ef96acefb9a620968a12ee292_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | * |
| Red Hat | registry.redhat.io/openshift4/ose-operator-sdk-rhel8@sha256:e491b99535d427e19a01c1fc523a3bf4dbe8da80667402183c8d493655081fea_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-sriov-network-operator@sha256:b828663259f7dacd555ba6e69482784ed79a062ad81b6fe10d5991e223cb542f_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, registry.redhat.io/openshift4/ose-sriov-network-operator@sha256:b828663259f7dacd555ba6e69482784ed79a062ad81b6fe10d5991e223cb542f_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-helm-operator@sha256:8591d48f95aedf6ad3a5c09b4e05d89f1390724b44dc65a4215a1216f5ccaab8_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-helm-operator@sha256:8591d48f95aedf6ad3a5c09b4e05d89f1390724b44dc65a4215a1216f5ccaab8_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:347d858c2bd230e29d6f2efb9d4829ec09c5cd425060f13e6b6d5b0e5cc769a0_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:17c8bb310686626df44d31d91a6dfdc40cd9490f92853ed871b1061bdb63770f_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | * |
| Red Hat | registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:a71ab79864ca8bf37be68f6f5a5b953d73d37274e4431d711368ca80f187be3a_s390x as a component of Red Hat OpenShift Container Platform 4.14 | * |
| Red Hat | registry.redhat.io/openshift4/ose-ptp-rhel9@sha256:0d359804be18e693dc700bdcb9ef3dd630755aecaa9d94e8b93d973e60f7c745_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-ptp-rhel9@sha256:0d359804be18e693dc700bdcb9ef3dd630755aecaa9d94e8b93d973e60f7c745_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-egress-dns-proxy@sha256:f0dbde36d73a17980b50b754dd0958dc2527c43c9269b316dd32f50f73ace3cb_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-capacity@sha256:c611102b8d6afade3a18e40ba76e77e567a03fb9c78a0ef9a43120f0892302df_s390x as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-cluster-capacity@sha256:c611102b8d6afade3a18e40ba76e77e567a03fb9c78a0ef9a43120f0892302df_s390x, * |
| Red Hat | registry.redhat.io/openshift4/ose-operator-sdk-rhel8@sha256:a5aefd75cec0b3b1440e7715accca08a31a2360593e3501bd4968bb4936121df_s390x as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-sriov-network-config-daemon@sha256:84cd48f7d2faeb028ab38a133a1df39cca203976d8a02a673097915eb12804a3_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-sriov-network-config-daemon@sha256:84cd48f7d2faeb028ab38a133a1df39cca203976d8a02a673097915eb12804a3_amd64, * |
| Red Hat | registry.redhat.io/openshift4/ose-egress-dns-proxy@sha256:fe6d1b5daad1794679cbc5f55cbaec801ab963907f47b9788a4ff0380085f977_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:d8e1fe5b5ed8e76f7554873997655a3bf829e25d1d651476c7e9291d64c1d28f_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:d8e1fe5b5ed8e76f7554873997655a3bf829e25d1d651476c7e9291d64c1d28f_amd64, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-capacity@sha256:db365c8b080a73a9196c24c2765a9768a9ac3d6473cdfaf8cce767b2b6d4b47e_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-cluster-capacity@sha256:db365c8b080a73a9196c24c2765a9768a9ac3d6473cdfaf8cce767b2b6d4b47e_amd64, * |
…and 296 more
Timeline
- Feb 26, 2026 CVE Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- May 13, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:2991 advisory
- https://access.redhat.com/security/cve/CVE-2025-65637 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2991.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418900 issue
- https://www.cve.org/CVERecord?id=CVE-2025-65637 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-65637 advisory
- https://github.com/mjuanxd/logrus-dos-poc exploit
- https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md exploit
- https://github.com/sirupsen/logrus/issues/1370 advisory
- https://github.com/sirupsen/logrus/pull/1376 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.8.3 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.1 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.3 advisory
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391 advisory