
HTTP/2 Denial of Service Vulnerability

High
Node.js
Submitted None
Reported by jzebor

Vulnerability Details

Technical details and impact analysis

Memory Corruption - Generic
**Summary:** Malformed HTTP/2 frames cause NodeJS http2 module to perform an uninitialized read. This results in a segmentation fault of the node process, causing a denial of service for all users of the instance.

**Description:** I have already worked extensively with the nodejs core security team on this issue. The issue has already been acknowledged by James Snell so this report is to officially get the issue on the books. All necessary details for this bug report have already been provided via security mailing list for nodejs. This issue is known to be present in v9 and v10 of nodejs.

## Steps To Reproduce:

Again, all the necessary repro instructions, core file, and stack traces have been provided to nodejs core security team.

1. Set up HTTP/2 server with node.
2. Send malformed HTTP/2 frames - I've noticed the issue with a GOAWAY frame, there are potentially others which also cause this issue.
3. Observe crash of nodejs instance. Segmentation fault results in core file generation.

## Impact:

Segfaults lead to denial of service vulnerability. Attacker is able to send malformed frame to crash the instance.

## Supporting Material/References:

Already provided to nodejs core security team. Reference email threads with James Snell for additional details.

* List any additional material (e.g. screenshots, logs, references, commits, code examples, etc.).

## Impact

Denial of service on NodeJS instances which use HTTP/2.

Report Details

Additional information and metadata

State: Closed

Substate: Resolved

Submitted:

Weakness: Memory Corruption - Generic