Apache HTTPD web server versions 2.4.17 through 2.4.23 did not apply limitations on request headers correctly when experimental module for the HTTP/2 protocol is used to access a resource. The net result is that a server allocates too much memory instead of denying the request. This can lead to memory exhaustion of the server by a properly crafted request.
ce59b7317dd8f5505d72923540ebf2779ce068b9cee27dfa83ab5f0a3bf93819