OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts.

OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry pointing at it. Okta’s Red Team, which reported the denial-of-service bug and named it, published the

Source: The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Ask HN: Add flag for AI-generated articles

Ask HN: Add flag for AI-generated articles Source: Hacker News

Interrail: 6,379Km and 13 Countries over 7 weeks

Interrail: 6,379Km and 13 Countries over 7 weeks Source: Hacker News

Agency stole bestselling author’s book, used AI to relaunch as their own

Agency stole bestselling author’s book, used AI to relaunch as their own Source: Hacker News