PT-2025-49116 · Logrus+2

Ozfive · Published 2023-02-02 · Updated 2026-05-22 · CVE-2025-65637

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

logrus versions prior to 1.8.3
logrus version 1.9.0
logrus version 1.9.2

Description

A denial-of-service issue exists in logrus when Entry.Writer() is used to log a single-line payload exceeding 64KB without newline characters. The internal bufio.Scanner encounters a "token too long" error, closing the writer pipe and rendering Writer() unusable, which can lead to application unavailability.

Recommendations

Update to logrus version 1.8.3 or later.
Update to logrus version 1.9.1 or later.
Update to logrus version 1.9.3 or later.
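
The failure mode in the description, modelled as an added Go example (not code from this advisory or from logrus): a pipe-backed writer whose reader goroutine scans lines and closes the pipe when scanning stops. The names writeTwice and chunkedLines are hypothetical, and the chunking split function is one possible mitigation assumed here for illustration, not the project's patch.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
)

// chunkedLines splits on newlines like bufio.ScanLines, but emits a token as
// soon as limit bytes are buffered so the scanner never hits ErrTooLong.
func chunkedLines(limit int) bufio.SplitFunc {
	return func(data []byte, atEOF bool) (int, []byte, error) {
		if len(data) >= limit {
			return limit, data[:limit], nil
		}
		return bufio.ScanLines(data, atEOF)
	}
}

// writeTwice models a pipe-backed log writer (hypothetical stand-in, not logrus
// code): a goroutine scans the read end and closes it when scanning stops.
// It reports tokens scanned, the scanner error, and the second write's error.
func writeTwice(split bufio.SplitFunc, first, second []byte) (tokens int, scanErr, writeErr error) {
	r, w := io.Pipe()
	done := make(chan struct{})
	go func() {
		defer close(done)
		sc := bufio.NewScanner(r) // default token limit: bufio.MaxScanTokenSize (64 KiB)
		sc.Split(split)
		for sc.Scan() {
			tokens++
		}
		scanErr = sc.Err()
		r.Close() // after this, every write on w fails
	}()
	w.Write(first)
	_, writeErr = w.Write(second)
	w.Close()
	<-done
	return tokens, scanErr, writeErr
}

func main() {
	long := bytes.Repeat([]byte("A"), 70000) // constructed: one line > 64 KiB, no newline
	fmt.Println(writeTwice(bufio.ScanLines, long, []byte("ok\n")))
	fmt.Println(writeTwice(chunkedLines(bufio.MaxScanTokenSize), long, []byte("ok\n")))
}
```

With the default line splitter, the later, well-formed write fails with io.ErrClosedPipe, which is the "unusable writer" condition; with the chunking splitter the same input is consumed and the pipe stays open.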

Exploit

Fix

DoS

Resource Exhaustion


Weakness Enumeration

Related Identifiers

ALSA-2026:3428
AZL-71452
AZL-71473
AZL-71476
AZL-71479
AZL-71482
AZL-71500
AZL-71506
AZL-71510
AZL-71513
AZL-71516
AZL-71519
AZL-71534
AZL-71537
AZL-71543
AZL-71557
AZL-71560
AZL-71563
AZL-71566
AZL-71569
AZL-71572
AZL-71575
AZL-71602
AZL-71605
AZL-71614
AZL-71617
AZL-71620
AZL-71626
AZL-71629
AZL-71632
AZL-71638
BDU:2026-06592
CLEANSTART-2026-HZ73294
CLEANSTART-2026-SQ68600
CVE-2025-65637
ECHO-F49D-2A75-50EB
GHSA-4F99-4Q7P-P3GH
GO-2025-4188
OESA-2026-1270
OESA-2026-1271
OESA-2026-1277
OESA-2026-1278
OESA-2026-2309
OESA-2026-2359
RHSA-2026:0425
RHSA-2026:10703
RHSA-2026:11804
RHSA-2026:12273
RHSA-2026:13971
RHSA-2026:15940
RHSA-2026:15941
RHSA-2026:2519
RHSA-2026:2520
RHSA-2026:2658
RHSA-2026:2670
RHSA-2026:2685
RHSA-2026:2686
RHSA-2026:2687
RHSA-2026:2688
RHSA-2026:2746
RHSA-2026:2973
RHSA-2026:3428
RHSA-2026:4418
RHSA-2026:4531
RHSA-2026:4532
RHSA-2026:4533
RHSA-2026:4580
RHSA-2026:4693
RHSA-2026:6191
RHSA-2026:7238
RHSA-2026:7885
RHSA-2026:8325
SUSE-SU-2026:0037-1
SUSE-SU-2026:0292-1

Affected Products

Debian
Rocky Linux
Logrus