A server can send an HTTP response with many occurrences of Transfer-Encoding and/or Content-Encoding headers. Each listed encoding allocates a buffer. The number of encodings listed within each header is already bounded but the number of headers is not, allowing an HTTP response to consume all available memory.
Using the curl test environment:
Patch fixing the problem and new test for the case.
Denial of service.