Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1969+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. HollowByte: 11-Byte Payload Triggers OpenSSL Server Memory Exhaustion
HollowByte: 11-Byte Payload Triggers OpenSSL Server Memory Exhaustion
NEWS

HollowByte: 11-Byte Payload Triggers OpenSSL Server Memory Exhaustion

Researchers have disclosed HollowByte, a denial-of-service vulnerability that allows unauthenticated attackers to crash OpenSSL-based servers by sending a...

Dylan H.

News Desk

July 19, 2026
3 min read

Overview

A newly disclosed vulnerability dubbed HollowByte allows unauthenticated remote attackers to trigger a denial-of-service condition on OpenSSL-based servers with a malicious payload of just 11 bytes. The flaw causes the target server to allocate memory in an unbounded fashion, rapidly exhausting available RAM and rendering the server unresponsive.

The vulnerability was reported by BleepingComputer on July 17, 2026, and underscores how seemingly trivial input can have catastrophic effects when cryptographic library parsing logic fails to impose proper size constraints.

How HollowByte Works

The HollowByte attack exploits a flaw in how OpenSSL parses specific TLS handshake message structures. When a specially crafted 11-byte payload is received during the TLS connection setup phase, the affected parsing routine interprets a field in the packet as an allocation size without adequately validating it against expected bounds.

This causes OpenSSL to:

  1. Receive the 11-byte malicious packet from an unauthenticated client
  2. Allocate a disproportionately large memory buffer based on the manipulated field value
  3. Exhaust available system memory as the process balloons
  4. Crash or become unresponsive, resulting in a denial of service

The unauthenticated nature of the attack is particularly concerning — no valid TLS session or credentials are required to trigger the condition, meaning any network-accessible OpenSSL server is potentially at risk.

Impact

  • Affected software: OpenSSL servers (specific version range to be confirmed in the official CVE)
  • Attack type: Denial of Service (memory exhaustion)
  • Authentication required: None
  • Network access required: Yes (the attacker must be able to reach the target port)
  • Complexity: Low — a single 11-byte packet is sufficient to trigger the condition

The potential blast radius is significant. OpenSSL underpins the TLS stack of countless web servers, mail servers, VPN gateways, and embedded systems. A lightweight DoS payload of this nature is trivially weaponizable into automated attack tools.

Remediation

Monitor the OpenSSL Security Advisory page for patch releases addressing this vulnerability. When patches are available:

  • Update OpenSSL on all affected systems to the patched version
  • Restart services that dynamically load OpenSSL (web servers, mail servers, proxies)
  • For containerized environments, rebuild and redeploy images using the patched OpenSSL base

Mitigation While Awaiting Patches

Until official patches are released:

  • Rate-limit incoming TLS connections at the load balancer or firewall level to reduce the impact of a flood of malicious packets
  • Set connection timeout and memory limits at the application or OS level where supported
  • Deploy a WAF or TLS-terminating reverse proxy in front of origin servers — if the proxy itself is patched, it can absorb malicious packets before they reach backend services
  • Monitor memory usage on TLS-serving processes; set alerting thresholds to detect anomalous growth
  • Block suspicious source IPs at the network edge if automated scanning is detected

Broader Context

HollowByte joins a lineage of high-impact OpenSSL vulnerabilities — most famously Heartbleed (CVE-2014-0160) — that demonstrate how parsing bugs in ubiquitous cryptographic libraries can have outsized consequences across the internet. Unlike Heartbleed's data exfiltration impact, HollowByte is purely a DoS vector, but its weaponizability against the entire TLS-speaking internet makes it a critical concern for operators of any public-facing service.

Security teams should treat this as a priority patching event once official fixes are published and ensure their asset inventory covers all systems with OpenSSL as a dependency.

References

  • BleepingComputer: HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload
  • OpenSSL Security Advisories
#Vulnerability#OpenSSL#DoS#DDoS#BleepingComputer

Related Articles

HollowByte: 11-Byte Payload Triggers Memory Bloat DoS on OpenSSL Servers

A newly disclosed vulnerability dubbed HollowByte allows unauthenticated attackers to cause a denial-of-service condition on OpenSSL servers by sending a...

5 min read

CISA Warns of Actively Exploited RCE Flaws in Joomla Extensions

CISA has added two Joomla extension vulnerabilities to its KEV catalog after attackers began exploiting arbitrary file upload flaws in iCagenda and...

4 min read

CISA: Windows BlueHammer Flaw Now Exploited by Ransomware Gangs

CISA has confirmed that ransomware gangs are actively exploiting BlueHammer, a Microsoft Defender privilege escalation vulnerability previously used in...

4 min read
Back to all News