HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
https://nowotarski.info/http2-continuation-flood/
https://kb.cert.org/vuls/id/421644
https://security.netapp.com/advisory/ntap-20240415-0013/
https://httpd.apache.org/security/vulnerabilities_24.html