OVAL

nodejs-current: Multiple vulnerabilities (CVE-2020-8172, CVE-2020-8174, CVE-2020-11080)

ID: oval:org.secpod.oval:def:1801859
Date: (C)2021-03-15   (M)2024-01-29
Class: PATCH
Family: unix




Calling napi_get_value_string_latin1, napi_get_value_string_utf8, or napi_get_value_string_utf16 with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer.

Receiving unreasonably large HTTP/2 SETTINGS frames can consume 100% CPU to process all the settings, blocking all other activities until complete. The HTTP/2 session frame is limited to 32 settings by default. This can be configured if necessary using the maxSettings option.

Platform:
Alpine Linux 3.12
Alpine Linux 3.13
Product:
nodejs-current
Reference:
11629
CVE-2020-8172
CVE-2020-8174
CVE-2020-11080

© SecPod Technologies