The denial-of-service (DoS) exploit takes advantage of two features in HTTP/2 that were designed to save Internet bandwith, not power massive amplification attacks.
HTTP/2 Bomb Attacks Put Telcos, Healthcare Orgs at Risk
Summary + source link. No paywalls, no tracking.