HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload

Summary

A vulnerability named HollowByte allows unauthenticated attackers to cause a denial-of-service (DoS) on OpenSSL servers. This is achieved by sending a small, malicious 11-byte payload that causes excessive memory bloating.

IFF Assessment

FOE

This vulnerability can be exploited with a minimal payload to disrupt services, posing a direct threat to system availability.

Severity

7.5 High (AI Estimated)

The vulnerability allows for denial of service through remote code execution, with a low attack complexity and no privileges required. The impact on confidentiality and integrity is none, but availability is significantly impacted.

Defender Context

This vulnerability highlights the critical need to keep OpenSSL updated, as even small, unauthenticated payloads can lead to significant denial-of-service conditions. Defenders should monitor for unusual memory usage on servers running OpenSSL and apply patches promptly.

Read Full Story →