Cookie Bomb

A cookie bomb is basically the ability to set a large number of big cookies for a user on a domain and its subdomains, so that the victim always sends very big HTTP requests to the server (because of the cookies) and the server refuses to accept them. This causes a DoS for that user on that domain and its subdomains.

A nice example can be seen in this write-up: https://hackerone.com/reports/57356

And for more information you can check this presentation: https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers?slide=26
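
To check whether a given cookie jar would trigger the condition described above, the following added example (not from the original page or the linked write-ups) estimates the `Cookie` header a browser would send to each host and compares it with the server's header-size limit. The host names, the cookie jar and the 8190-byte limit (Apache's default `LimitRequestFieldSize`) are assumptions; all cookies are assumed to use `Path=/`.

```javascript
// Added example: defender-side estimate of the Cookie header sent to a host.
// Assumed limit: Apache's default LimitRequestFieldSize; use your server's value.
const HEADER_LIMIT_BYTES = 8190;

// Parse one Set-Cookie value as received from originHost.
// Without a Domain attribute the cookie is host-only (RFC 6265).
function parseSetCookie(setCookie, originHost) {
  const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: originHost.toLowerCase(), hostOnly: true };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    if (k.trim().toLowerCase() === "domain" && v.trim()) {
      cookie.domain = v.trim().replace(/^\./, "").toLowerCase();
      cookie.hostOnly = false; // now sent to the domain and every subdomain
    }
  }
  return cookie;
}

// RFC 6265 domain matching: exact host, or a subdomain of a Domain= cookie.
function domainMatches(host, cookie) {
  const h = host.toLowerCase();
  if (cookie.hostOnly) return h === cookie.domain;
  return h === cookie.domain || h.endsWith("." + cookie.domain);
}

// Size of the Cookie header for a request to `host`, and whether it exceeds the limit.
function cookieHeaderReport(jar, host, limit = HEADER_LIMIT_BYTES) {
  const sent = jar.filter((c) => domainMatches(host, c));
  const header = sent.map((c) => `${c.name}=${c.value}`).join("; ");
  const bytes = sent.length ? Buffer.byteLength("Cookie: " + header, "utf8") : 0;
  return { host, cookies: sent.length, bytes, overLimit: bytes > limit };
}

// Constructed sample jar: one normal session cookie plus three large cookies
// that a sibling subdomain scoped to the parent domain.
const jar = [
  parseSetCookie("session=abc123; Path=/; HttpOnly", "app.example.test"),
  ...Array.from({ length: 3 }, (_, i) =>
    parseSetCookie(`pad${i}=${"x".repeat(3000)}; Domain=example.test`, "blog.example.test")),
];

for (const host of ["app.example.test", "blog.example.test", "other.test"]) {
  console.log(cookieHeaderReport(jar, host));
}
```

Any host reported with `overLimit: true` will have its requests rejected until the oversized cookies are cleared or expire, which makes parent-domain cookies set by less-trusted subdomains the thing to review.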