nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).
{ "urgency": "not yet assigned" }