ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
CRITICAL Open Source

OpenSSL HollowByte DoS can lock server memory via 11-byte TLS packets

Source headline: OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

Threat level Critical
Signal strength 75/100
Source confidence 1 source
Published 2 hours ago

Intelligence Summary

Okta describes a denial-of-service issue in unpatched OpenSSL implementations that can freeze a server’s allocated memory. By sending a crafted TLS request containing only 11 bytes, an attacker can cause the server to reserve up to about 131 KB for a message that never completes. On glibc systems tested by Okta, that memory remains unavailable until the process restarts. OpenSSL reportedly shipped a fix in June without a CVE, advisory, or clear changelog entry pointing to the problem. If you run OpenSSL-based services, verify you are on a patched version and monitor for unusual TLS handshake patterns.

Recommended Action

Prioritize immediate review, validate exposure, and patch or mitigate affected systems.

Topics

#denial-of-service #openssl #glibc #hollowbyte #memory-exhaustion #tls
Original reporting The Hacker News OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
Open original source