A remote attacker can send a specially crafted WebSocket frame that triggers an infinite busy-loop in libcurl, causing the application to hang indefinitely potentially leading to a denial of service.