Resource Exhaustion in container-tools:rhel8/conmon | CVE-2025-65637

Threat Intelligence

0.02% (5^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Resource Exhaustion vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-RHEL8-CONTAINERTOOLS-14421077
published15 Dec 2025
disclosed4 Dec 2025

Report a new vulnerability Found a mistake?

Introduced: 4 Dec 2025

CVE-2025-65637 (opens in a new tab) CWE-400 (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:8.

NVD Description

Note: Versions mentioned in the description apply only to the upstream container-tools:rhel8/conmon package and not the container-tools:rhel8/conmon package as distributed by RHEL.

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.

Resource Exhaustion The advisory has been revoked - it doesn't affect any version of package container-tools:rhel8/conmon (opens in a new tab)