CVE-2025-53604

Published July 5th, 2025

View on NVD ↗

CVSS v3

MEDIUM

CVSS v2

N/A

Affected

PROJECTS

Description

The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.

web-push

Web push notification client with support for http-ece encryption and VAPID authentication.

Crates.io

438K

pimeys/rust-web-push

A Web Push library for Rust

GitHub

134