CVE-2025-65637
- ULN >
- Oracle Linux CVE repository >
- CVE-2025-65637
CVE Details
| Release Date: | 2025-12-04 | |
| Impact: | Moderate | What is this? |
Description
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.
See more information about CVE-2025-65637 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
CVSS v3 metrics
| Base Score: | 7.5 |
| Vector String: | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Version: | 3.1 |
| Attack Vector: | Network |
| Attack Complexity: | Low |
| Privileges Required: | None |
| User Interaction: | None |
| Scope: | Unchanged |
| Confidentiality Impact: | None |
| Integrity Impact: | None |
| Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 8 (aardvark-dns) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (buildah) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (cockpit-podman) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (conmon) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (container-selinux) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (containernetworking-plugins) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (containers-common) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (criu) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (crun) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (fuse-overlayfs) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (libslirp) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (netavark) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (oci-seccomp-bpf-hook) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (podman) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (python-podman) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (runc) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (skopeo) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (slirp4netns) | ELSA-2026-3428 | 2026-02-26 |
| Oracle Linux version 8 (udica) | ELSA-2026-3428 | 2026-02-26 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
