2 matches found
curl: libcurl WebSocket handshake accepts any Sec-WebSocket-Accept
Summary: libcurl upgrades to WebSocket without validating Sec-WebSocket-Accept, allowing a spoofed 101 response to complete the handshake and inject frames; AI assistance was used to draft this report. Steps to Reproduce: 1. Clone and build curl from source: git clone --depth=1...
CVE-2022-35922
Rust-WebSocket (rust-websocket) prior to 0.26.5 is vulnerable: untrusted data during dataframe parsing can drive an allocation based on a declared size, causing an OOM abort in the sync (non-Tokio) path; the async path does not use Vec::with_capacity, so DoS is tied to delivered oversized data. ...