SECURITYTHE HACKER NEWS
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
An OpenSSL vulnerability named HollowByte allows 11-byte TLS requests to allocate up to 131 KB of server memory that remains reserved until the process restarts. Okta's Red Team discovered and reported the denial-of-service bug, which was patched in June without a CVE identifier, security advisory, or changelog entry.
Related Signal
Adjacent reporting
- Bitcoin Core quietly patched high-severity memory bug months before public disclosure, but many nodes may still run affected software
- New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
- Citrix patches a new NetScaler flaw with echoes of CitrixBleed
- New Cisco DoS flaw requires manual reboot to revive devices