H2O version 2.2.2 and previous versions allows remote malicious users to cause a denial of service in the server via specially crafted HTTP/1 header.
dena h2o