A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
https://www.couchbase.com/alerts/
https://security.gentoo.org/glsa/202311-09
https://pkg.go.dev/vuln/GO-2023-1571