Resource Exhaustion in conmon | CVE-2025-65637

Threat Intelligence

0.04% (10^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Resource Exhaustion vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-CENTOS9-CONMON-14419553
published15 Dec 2025
disclosed4 Dec 2025

Report a new vulnerability Found a mistake?

Introduced: 4 Dec 2025

CVE-2025-65637 (opens in a new tab) CWE-400 (opens in a new tab)

Amendment

The Centos security team deemed this advisory irrelevant for Centos:9.

NVD Description

Note: Versions mentioned in the description apply only to the upstream conmon package and not the conmon package as distributed by Centos.

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.

Resource Exhaustion The advisory has been revoked - it doesn't affect any version of package conmon (opens in a new tab)