nghttp2 prior to 1.7.1 allows remote malicious users to cause a denial of service (memory exhaustion).
nghttp2 nghttp2
fedoraproject fedora 22
fedoraproject fedora 23