CVE-2025-53604: CWE-130 Improper Handling of Length Parameter Inconsistency in pimeys web-push
Severity: mediumType: vulnerabilityCVE-2025-53604
The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.
CVE-2025-53604: CWE-130 Improper Handling of Length Parameter Inconsistency in pimeys web-push
Medium
Published: Sat Jul 05 2025 (07/05/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: pimeys
Product: web-push
Description
The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2025-07-05T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 686877c46f40f0eb72a47d6b
Added to database: 7/5/2025, 12:54:28 AM
Last updated: 7/5/2025, 12:54:28 AM
Views: 1
Related Threats
CVE-2025-53603: CWE-476 NULL Pointer Dereference in Alinto SOPE
HighVulnerabilitySat Jul 05 2025
CVE-2025-43711: CWE-459 Incomplete Cleanup in Tunnelblick Project Tunnelblick
HighVulnerabilityFri Jul 04 2025
CVE-2025-26850: CWE-863 Incorrect Authorization in Quest KACE Systems Management Appliance
CriticalVulnerabilityFri Jul 04 2025
CVE-2025-53366: CWE-248: Uncaught Exception in modelcontextprotocol python-sdk
HighVulnerabilityFri Jul 04 2025
CVE-2025-53365: CWE-248: Uncaught Exception in modelcontextprotocol python-sdk
HighVulnerabilityFri Jul 04 2025
Actions
Please log in to the Console to use AI analysis features.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.