CVE-2025-53604

Summary

The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.

Affected Software

VendorProductVersion RangeStatus
pimeysweb-push0 < 0.10.3affected

Weaknesses

  • CWE-130: CWE-130 Improper Handling of Length Parameter Inconsistency

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References