This description was provided in the disclosure from VINCE: The AMPHP implementation of HTTP/2 will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.
Created nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2273040]