H2O version 2.2.3 and previous versions allows remote malicious users to cause a denial of service in the server via specially crafted HTTP/2 header.
dena h2o