Part of the Transmission Control Protocol TCP specification RFC 1122 allows a receiver to advertise a zero byte window, instructing the sender to maintain the connection but not send additional TCP payload data. The sender should then probe the receiver to check if the receiver is ready to accept data. Narrow interpretation of this part of the specification can create a denial-of-service vulnerability. By advertising a zero receive window and acknowledging probes, a malicious receiver can cause a sender to consume resources TCP state, buffers, and application memory, preventing the targeted service or system from handling legitimate connections.

via US-CERT Vulnerability Note VU#723308 – TCP may keep its offered receive window closed indefinitely RFC 1122.