← Back

CVE-2025-65637

nvd nist
Published: Dec 4, 2025Modified: Dec 23, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.

Affected (3)

Products: Turbopuffer: Logrus
Turbopuffer
1 product
Logrus
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Turbopuffer
Logrus
Before 1.8.3
Logrus
Version 1.9.0
Logrus
Version 1.9.2

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (8)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ExploitIssue TrackingPatch
Source: cve@mitre.org
Issue TrackingPatch
Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
ExploitThird Party Advisory

Timeline

No history available yet.