diff --git a/lib/internal/http2/core.js b/lib/internal/http2/core.js
index abcc460c423c78..620e28a1524aa8 100644
--- a/lib/internal/http2/core.js
+++ b/lib/internal/http2/core.js
@@ -19,14 +19,16 @@ const {
   Promise,
   PromisePrototypeCatch,
   ReflectApply,
+  ReflectGet,
   ReflectGetPrototypeOf,
+  ReflectSet,
   RegExpPrototypeTest,
   SafeArrayIterator,
   SafeMap,
   SafeSet,
   StringPrototypeSlice,
   Symbol,
-  TypedArrayPrototypeSet,
+  TypedArrayPrototypeGetLength,
   Uint32Array,
   Uint8Array,
 } = primordials;
@@ -960,6 +962,36 @@ const validateSettings = hideStackFrames((settings) => {
   }
 });
 
+// Wrap a typed array in a proxy, and allow selectively copying the entries
+// that have explicitly been set to another typed array.
+function trackAssignmentsTypedArray(typedArray) {
+  const typedArrayLength = TypedArrayPrototypeGetLength(typedArray);
+  const modifiedEntries = new Uint8Array(typedArrayLength);
+
+  function copyAssigned(target) {
+    for (let i = 0; i < typedArrayLength; i++) {
+      if (modifiedEntries[i]) {
+        target[i] = typedArray[i];
+      }
+    }
+  }
+
+  return new Proxy(typedArray, {
+    get(obj, prop, receiver) {
+      if (prop === 'copyAssigned') {
+        return copyAssigned;
+      }
+      return ReflectGet(obj, prop, receiver);
+    },
+    set(obj, prop, value) {
+      if (`${+prop}` === prop) {
+        modifiedEntries[prop] = 1;
+      }
+      return ReflectSet(obj, prop, value);
+    }
+  });
+}
+
 // Creates the internal binding.Http2Session handle for an Http2Session
 // instance. This occurs only after the socket connection has been
 // established. Note: the binding.Http2Session will take over ownership
@@ -990,10 +1022,13 @@ function setupHandle(socket, type, options) {
   handle.consume(socket._handle);
 
   this[kHandle] = handle;
-  if (this[kNativeFields])
-    TypedArrayPrototypeSet(handle.fields, this[kNativeFields]);
-  else
-    this[kNativeFields] = handle.fields;
+  if (this[kNativeFields]) {
+    // If some options have already been set before the handle existed, copy
+    // those (and only those) that have manually been set over.
+    this[kNativeFields].copyAssigned(handle.fields);
+  }
+
+  this[kNativeFields] = handle.fields;
 
   if (socket.encrypted) {
     this[kAlpnProtocol] = socket.alpnProtocol;
@@ -1045,7 +1080,8 @@ function cleanupSession(session) {
   session[kProxySocket] = undefined;
   session[kSocket] = undefined;
   session[kHandle] = undefined;
-  session[kNativeFields] = new Uint8Array(kSessionUint8FieldCount);
+  session[kNativeFields] = trackAssignmentsTypedArray(
+    new Uint8Array(kSessionUint8FieldCount));
   if (handle)
     handle.ondone = null;
   if (socket) {
@@ -1213,8 +1249,10 @@ class Http2Session extends EventEmitter {
       setupFn();
     }
 
-    if (!this[kNativeFields])
-      this[kNativeFields] = new Uint8Array(kSessionUint8FieldCount);
+    if (!this[kNativeFields]) {
+      this[kNativeFields] = trackAssignmentsTypedArray(
+        new Uint8Array(kSessionUint8FieldCount));
+    }
     this.on('newListener', sessionListenerAdded);
     this.on('removeListener', sessionListenerRemoved);
 
diff --git a/src/node_http2.cc b/src/node_http2.cc
index 112a3a336e0297..275284a147d583 100644
--- a/src/node_http2.cc
+++ b/src/node_http2.cc
@@ -1335,7 +1335,11 @@ int Http2Session::HandleDataFrame(const nghttp2_frame* frame) {
       frame->hd.flags & NGHTTP2_FLAG_END_STREAM) {
     stream->EmitRead(UV_EOF);
   } else if (frame->hd.length == 0) {
-    return 1;  // Consider 0-length frame without END_STREAM an error.
+    if (invalid_frame_count_++ > js_fields_->max_invalid_frames) {
+      Debug(this, "rejecting empty-frame-without-END_STREAM flood\n");
+      // Consider a flood of 0-length frames without END_STREAM an error.
+      return 1;
+    }
   }
   return 0;
 }
diff --git a/test/fixtures/emptyframe.http2 b/test/fixtures/emptyframe.http2
new file mode 100644
index 00000000000000..c4a095c4334529
Binary files /dev/null and b/test/fixtures/emptyframe.http2 differ
diff --git a/test/parallel/test-http2-empty-frame-without-eof.js b/test/parallel/test-http2-empty-frame-without-eof.js
new file mode 100644
index 00000000000000..02da78d940a92d
--- /dev/null
+++ b/test/parallel/test-http2-empty-frame-without-eof.js
@@ -0,0 +1,39 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+const { readSync } = require('../common/fixtures');
+const net = require('net');
+const http2 = require('http2');
+const { once } = require('events');
+
+async function main() {
+  const blobWithEmptyFrame = readSync('emptyframe.http2');
+  const server = net.createServer((socket) => {
+    socket.end(blobWithEmptyFrame);
+  }).listen(0);
+  await once(server, 'listening');
+
+  for (const maxSessionInvalidFrames of [0, 2]) {
+    const client = http2.connect(`http://localhost:${server.address().port}`, {
+      maxSessionInvalidFrames
+    });
+    const stream = client.request({
+      ':method': 'GET',
+      ':path': '/'
+    });
+    if (maxSessionInvalidFrames) {
+      stream.on('error', common.mustNotCall());
+      client.on('error', common.mustNotCall());
+    } else {
+      stream.on('error', common.mustCall());
+      client.on('error', common.mustCall());
+    }
+    stream.resume();
+    await once(stream, 'end');
+    client.close();
+  }
+  server.close();
+}
+
+main().then(common.mustCall());