CVE-2022-35922

Rust-WebSocket (rust-websocket) prior to 0.26.5 is vulnerable: untrusted data during dataframe parsing can drive an allocation based on a declar ed size, causing an OOM abort in the sync (non-Tokio) path; the async path does not use Vec::with_capacity, so DoS is tied to delivered oversized data. ...