Researchers at Black Hat describe finding four flaws in the way the major server vendors implemented HTTP/2. They say they found nothing vulnerable about the protocol itself, but that they created distributed denial-of-service attacks that took advantage of openings left by how servers support the protocol. The attacks lasted as long as the attacker wanted to attack, and others the attacks were severe enough to crash the servers, the researchers say. Businesses using the servers should make sure they are patched, they say.”]
Source: https://www.csoonline.com/article/3103503/black-hat-be-wary-of-http-2-on-web-servers.html