Full Report
Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry pointing at it. Okta's Red Team, which reported the denial-of-service bug and named it, published the
Analysis Summary
# Vulnerability: OpenSSL "HollowByte" Memory Exhaustion DoS
## CVE Details
- **CVE ID:** None assigned (OpenSSL triaged as a "bug or hardening" fix).
- **CVSS Score:** N/A (Estimated Moderate/High for Availability impact).
- **CWE:** CWE-400: Uncontrolled Resource Consumption; CWE-770: Allocation of Resources Without Limits or Throttling.
## Affected Systems
- **Products:** OpenSSL Server implementations.
- **Versions:**
- All versions prior to 4.0.1, 3.6.3, 3.5.7, 3.4.6, and 3.0.21.
- Status of extended-support branches (1.1.1 and 1.0.2) is currently unconfirmed.
- **Configurations:** Systems using **glibc** (GNU C Library) are specifically susceptible to the persistent memory fragmentation aspect of this flaw.
## Vulnerability Description
HollowByte is a Denial-of-Service (DoS) flaw involving how OpenSSL handles TLS handshake headers. Every TLS message includes a 4-byte header, with 3 bytes declaring the intended body length. Vulnerable OpenSSL versions immediately allocate a receive buffer based on this declared size (up to 131 KB for a `ClientHello`) before receiving the actual body or performing authentication.
While OpenSSL frees the buffer if the connection drops, **glibc** allocators often retain these small-to-medium memory chunks for reuse instead of returning them to the kernel. By varying the requested size in each connection, an attacker can cause heap fragmentation, preventing the allocator from reusing the freed memory. This leads to a permanent climb in Resident Set Size (RSS) until the process is killed by the OOM (Out of Memory) killer or the system freezes.
## Exploitation
- **Status:** PoC described by Okta Red Team; no public exploit code available on GitHub as of July 18, 2026.
- **Complexity:** Low.
- **Attack Vector:** Network (Unauthenticated).
## Impact
- **Confidentiality:** None.
- **Integrity:** None.
- **Availability:** High (Can result in process termination/OOM kill or server unresponsiveness).
## Remediation
### Patches
OpenSSL released stealth fixes on June 9, 2026. Users must manually upgrade to the following versions or higher:
- **OpenSSL 4.0.1**
- **OpenSSL 3.6.3**
- **OpenSSL 3.5.7**
- **OpenSSL 3.4.6**
- **OpenSSL 3.0.21**
### Workarounds
- No specific workarounds (like configuration flags) were identified. Standard connection-limiting defenses may be bypassed because the memory exhaustion occurs even if connection limits are not exceeded.
## Detection
- **Indicators of Compromise:**
- Rapid, unexplained growth in the Resident Set Size (RSS) of OpenSSL-dependent processes (e.g., NGINX).
- Large volumes of incomplete 11-byte TLS connection attempts.
- **Detection Methods:** Monitor for heap fragmentation and memory usage that does not return to baseline after client disconnection.
## References
- **Okta Security Blog:** hxxps[://]sec[.]okta[.]com/articles/2026/06/openssl-hollowbtye-a-dos-hiding-in-11-bytes/
- **OpenSSL Pull Request:** hxxps[://]github[.]com/openssl/openssl/pull/30792
- **The Hacker News Article:** hxxps[://]thehackernews[.]com/2026/07/openssl-hollowbyte-flaw-could-freeze.html