CNNVD-202512-485 Information
CNNVD ID
CNNVD-202512-485
Related CVE
- CNNVD Published: 2025-12-04
Description (Chinese)
Logrus是Simon Eskildsen个人开发者的一个Go的日志记录库。 Logrus 1.8.3之前版本、1.9.0版本和1.9.2版本存在安全漏洞,该漏洞源于日志记录单行有效载荷超过64KB可能导致拒绝服务。
Description (English)
Logras is a Go log log of Simon Eskildsen’s personal developer. Prior to Logras 1.8.3, Version 1.9.0 and Version 1.9.2, there is a security loophole, which stems from the fact that a one-line payload in the log log records exceeding 64 KB may result in the denial of services.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-12-04
Last Modified
2026-02-24
References
https://github.com/sirupsen/logrus/pull/1376 https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391 https://github.com/sirupsen/logrus/issues/1370 https://github.com/sirupsen/logrus/releases/tag/v1.9.3 https://github.com/sirupsen/logrus/releases/tag/v1.8.3 https://github.com/mjuanxd/logrus-dos-poc https://github.com/sirupsen/logrus/releases/tag/v1.9.1 https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65637 https://access.redhat.com/security/cve/cve-2025-65637
Patch
https://github.com/sirupsen/logrus/releases
Share on: