cvedb.io
CVE-2025-65637
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-12-04T19:16:05.223 · Last modified 2026-06-17T09:55:50.633

Summary

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.
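The scanner limit named in the summary can be reproduced with the Go standard library alone. This is an added example, not code from logrus or from this page: `sampleInput`, `count`, `scanDefault` and `scanChunked` are hypothetical names, the input is constructed, and the chunking split function is only one way to get the "input is chunked" behaviour the summary attributes to the fixed versions.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// sampleInput is constructed: a short line, one 100000-byte line with no
// newline inside it (above the 64 KiB scanner limit), then another short line.
func sampleInput() string {
	return "short\n" + strings.Repeat("A", 100000) + "\nafter\n"
}

// count drains the scanner and returns the tokens seen and the final error.
func count(s *bufio.Scanner) (n int, err error) {
	for s.Scan() {
		n++
	}
	return n, s.Err()
}

// scanDefault uses default settings: tokens are capped at bufio.MaxScanTokenSize.
func scanDefault(r io.Reader) (int, error) {
	return count(bufio.NewScanner(r))
}

// scanChunked splits on newlines, but when chunk bytes are buffered without a
// newline it emits them as one token instead of failing with ErrTooLong.
func scanChunked(r io.Reader, chunk int) (int, error) {
	s := bufio.NewScanner(r)
	s.Buffer(make([]byte, chunk), chunk)
	s.Split(func(data []byte, atEOF bool) (int, []byte, error) {
		adv, tok, err := bufio.ScanLines(data, atEOF)
		if adv == 0 && err == nil && len(data) >= chunk {
			return chunk, data[:chunk], nil // oversized line: emit one chunk
		}
		return adv, tok, err
	})
	return count(s)
}

func main() {
	n, err := scanDefault(strings.NewReader(sampleInput()))
	fmt.Println("default:", n, err) // stops at the long line; "after" is never read
	n, err = scanChunked(strings.NewReader(sampleInput()), bufio.MaxScanTokenSize)
	fmt.Println("chunked:", n, err)
}
```

With the default scanner the read loop ends at the oversized line and nothing after it is processed, which is the point at which the summary says the writer pipe is closed; the chunked variant keeps reading to the end of the input.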

Affected products

turbopuffer — logrus

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.