OpenSSL servers HollowByte DoS denial-of-service flaw
Vulnerability
Updated: 17.07.2026 20:56
· First: 17.07.2026 20:56
· 📰 1 src / 1 articles
· H score: 18
HollowByte is a new OpenSSL DoS flaw that lets unauthenticated attackers exhaust memory on affected servers with an 11-byte payload. The bug affects server-side TLS handshake handling, where OpenSSL trusts a declared message size before validating the incoming body. OpenSSL has fixed and backported the issue to 4.0.1, 3.6.3, 3.5.7, 3.4.6, and 3.0.21, and operators are being urged to upgrade immediately.