Dossier
HollowByte
Coverage of HollowByte in the Nexus archive.
- OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
An OpenSSL vulnerability named HollowByte allows 11-byte TLS requests to allocate up to 131 KB of server memory that remains reserved until the process restarts. Okta's Red Team discovered and reported the denial-of-service bug, which was patched in June without a CVE identifier, security advisory, or changelog entry.