Home / Jul 18, 2026 / Story
0
#4 The Hacker News general July 17, 2026 at 20:20 UTC

OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

By [email protected] (The Hacker News)

AI Summary

Okta's Red Team discovered and named 'HollowByte,' a denial-of-service vulnerability in OpenSSL where an 11-byte malicious TLS request causes the server to allocate up to 131 KB of memory that is never freed — confirmed irrecoverable on glibc systems until process restart. OpenSSL shipped the fix in June with no CVE, no advisory, and no changelog reference, meaning administrators have no straightforward way to know if they are patched.

Relevance score: 88.0/100

# More from July 18