HollowByte DoS in OpenSSL bloats server memory
🛡️ Okta researchers disclosed a DoS flaw named HollowByte that lets unauthenticated attackers bloat OpenSSL server memory by sending an 11-byte payload with a forged header. Vulnerable OpenSSL versions allocate memory based on the claimed message length before receiving the payload, then block waiting for data that never arrives, causing heavy heap fragmentation and long-lived RSS growth. The OpenSSL team silently fixed the issue and backported the patch to multiple release lines; administrators are urged to upgrade to the patched versions immediately.