VDB
RHSA-2026%3A6911
RHSA-2026%3A6911
PUBLISHED
CVSS 7.5 HIGH
A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer() processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying writer pipe to close. In affected versions, this leaves the Writer interface unusable and can disrupt logging functionality, potentially degrading application availability.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift4/ztp-site-generate-rhel8@sha256:1298753b411c53efdea58e4c8ca9a5199e60c3f17c4302246a62a97702074e6a_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | registry.redhat.io/openshift4/ztp-site-generate-rhel8@sha256:1298753b411c53efdea58e4c8ca9a5199e60c3f17c4302246a62a97702074e6a_amd64, *, * |
| sirupsen | logrus | |
| Red Hat | registry.redhat.io/openshift4/ztp-site-generate-rhel8@sha256:1298753b411c53efdea58e4c8ca9a5199e60c3f17c4302246a62a97702074e6a_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | * |
Timeline
- Apr 7, 2026 CVE Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- May 28, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:6911 advisory
- https://access.redhat.com/security/cve/CVE-2025-65637 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6911.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418900 issue
- https://www.cve.org/CVERecord?id=CVE-2025-65637 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-65637 advisory
- https://github.com/mjuanxd/logrus-dos-poc exploit
- https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md exploit
- https://github.com/sirupsen/logrus/issues/1370 advisory
- https://github.com/sirupsen/logrus/pull/1376 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.8.3 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.1 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.3 advisory
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391 advisory