Question 1

Is there a bug in github.com/sirupsen/logrus?

Accepted Answer

Logrus is vulnerable to DoS when using Entry.Writer() A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged. Fixed in github.com/sirupsen/logrus 1.8.3.

Question 2

Is there a bug in github.com/sirupsen/logrus 1.9.2?

Accepted Answer

Logrus is vulnerable to DoS when using Entry.writerScanner in github.com/sirupsen/logrus Logrus is vulnerable to DoS when using Entry.writerScanner in github.com/sirupsen/logrus Fixed in github.com/sirupsen/logrus 1.9.3.

Severity	Affected	Fixed in	Title	Status	Source
high	any	1.8.3	Logrus is vulnerable to DoS when using Entry.Writer() A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.	fixed	osv:GHSA-4f99-4q7p-p3gh
medium	1.9.2	1.9.3	Logrus is vulnerable to DoS when using Entry.writerScanner in github.com/sirupsen/logrus Logrus is vulnerable to DoS when using Entry.writerScanner in github.com/sirupsen/logrus	fixed	osv:GO-2025-4188

github.com/sirupsen/logrus known bugs