CyberSecurity News
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
AI summary
A vulnerability in OpenSSL, known as HollowByte, can cause an unpatched server to allocate a significant amount of memory in response to a short TLS request. Specifically, an 11-byte request can lead to the server setting aside up to 131 KB of memory for a message that never arrives. On systems using glibc, this memory allocation is permanent until the process is restarted. The HollowByte flaw was fixed by OpenSSL in June, but the update was not accompanied by a CVE, advisory, or changelog entry. The issue was discovered and reported by Okta's Red Team, which also named the vulnerability.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.

