Base Score

MEDIUM4

CVE-2025-53604

The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.

VectorNETWORK

Published Bycve@mitre.org

Published DateJul 05, 2025, 01:15

Affected Versions(1)

web-push(crates.io)

Introduced0

Fixed0.10.4

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
web-push(crates.io)	0	0.10.4	N/A

Weakness Type (CWE):CWE-130

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW

References

Base Score

MEDIUM4

Weakness Type (CWE):CWE-130

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW