Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-53604

The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.

Published

2025-07-05T01:15:28.340

Last Modified

2025-07-08T16:18:53.607

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 4.0 (MEDIUM)

Weaknesses

Type: Primary
CWE-130

Affected Vendors & Products

References

https://crates.io/crates/web-push ([email protected])
https://github.com/pimeys/rust-web-push/pull/68 ([email protected])
https://rustsec.org/advisories/RUSTSEC-2025-0015.html ([email protected])