Just an 11‑byte payload can bloat an OpenSSL server’s memory, and that’s the surprising core of the newly disclosed HollowByte flaw. The vulnerability lets an unauthenticated attacker trigger a classic denial‑of‑service condition by exploiting how OpenSSL allocates memory during the TLS handshake. Because the focus keyword appears early, readers know exactly what’s at stake.
Historical Context
OpenSSL has been the de‑facto TLS library for decades, powering everything from web servers to embedded devices. Its codebase grew alongside the internet, and performance concerns often guided design choices. In earlier versions, developers favored allocating buffers early to avoid extra system calls. That approach kept latency low for high‑traffic sites. Over time, the same pattern became a double‑edged sword, exposing a gap that modern attackers can exploit.
Memory‑allocation bugs are not new to the cryptographic world. Past incidents have shown that a tiny misstep in size handling can cascade into a system‑wide crisis. The HollowByte issue follows that lineage, demonstrating how a seemingly innocuous header can become a weapon. While the vulnerability itself is fresh, the underlying principle—trusting client‑supplied lengths without verification—has been a cautionary tale for developers for years.
Key Takeaways
- HollowByte lets an attacker exhaust memory with an 11‑byte payload.
- OpenSSL allocates the declared buffer size before validating the payload, leading to indefinite blocking.
- glibc’s allocator keeps freed chunks, causing persistent RSS growth even after connections close.
- Patch is available in OpenSSL 4.0.1 and back‑ported to 3.6.3, 3.5.7, 3.4.6, and 3.0.21.
- Upgrade immediately; the only full recovery is a process restart.
OpenSSL Memory Exhaustion: The HollowByte Attack Explained
Okta’s Red Team released an advisory earlier this week that walks through the mechanics step by step. In a TLS handshake, each message begins with a 4‑byte header that includes a three‑byte length field. The vulnerable OpenSSL code allocated a buffer based on that length before the payload arrived, trusting the client’s claim. The worker thread then blocks, waiting indefinitely for data that will never arrive, Okta explains.
“The worker thread then blocks, waiting indefinitely for data that will never arrive,” Okta says.
That’s the catch: an attacker opens a TLS connection and sends an 11‑byte packet whose header claims a massive payload is on the way. The server dutifully reserves the advertised memory, then sits idle as the rest of the data never shows up. When the attacker repeats the pattern across dozens of connections, the server’s heap fragments heavily. Even after the attacker drops the connections, the freed memory isn’t returned to the OS right away because glibc keeps those chunks for reuse.
“By launching waves of connections with randomized claimed sizes, an attacker prevents the allocator from reusing those freed chunks,” Okta says. “Even after the attacker disconnects, the server remains permanently bloated.” The only way to reclaim the space is to restart the process, which is a costly operational disruption for any production service.
Why the Allocation Timing Matters
Because OpenSSL grew the buffer before inspecting the payload, the server can be forced to allocate gigabytes of RAM from just a handful of bytes on the wire. That design decision—originally intended for performance—now becomes an attack surface. The flaw isn’t about code execution; it’s about exhausting resources, which is still a serious risk for any service that relies on OpenSSL for encryption.
Why It Matters for the Stack
The OpenSSL library sits at the heart of most internet‑facing services. It’s baked into NGINX, Apache, Node.js, Python, Ruby, PHP, MySQL, and PostgreSQL. When Okta tested the vulnerability on NGINX, low‑capacity environments depleted memory in seconds, while higher‑spec servers lost up to 25 % of their RAM without triggering any bandwidth alerts. That’s a huge chunk of resources disappearing while the attacker stays under the radar.
Developers often think DoS flaws are “less severe” than remote code execution bugs, but the operational impact can be crippling. A server that can’t serve traffic because its RSS has ballooned will appear offline to users, and the downtime can damage reputation just as badly as a data breach.
- Embedded in NGINX, Apache, and many language runtimes.
- Pre‑installed on most Linux distributions for TLS handling.
- Can consume up to 25 % of system memory on modest servers.
- Triggers a permanent memory bloat until the process restarts.
Real‑World Implications
Imagine a SaaS platform that spins up dozens of micro‑services behind an NGINX reverse proxy. A single malicious client could send the tiny 11‑byte packet, watch the proxy’s memory climb, and force a cascade of restarts across the fleet. That’s not a hypothetical scenario; it’s exactly what Okta demonstrated in their lab.
Patch Timeline and Version Coverage
The OpenSSL team quietly applied a fix, assigning no CVE number but labeling it a “hardening fix.” The patch changes the allocation logic so the buffer only grows after the payload arrives, effectively ignoring the header’s length claim. The fix ships in OpenSSL 4.0.1 and has been back‑ported to the following releases: 3.6.3, 3.5.7, 3.4.6, and 3.0.21. Those versions now grow the buffer only when the data is present, eliminating the window for exploitation.
Because the patch is already in the latest releases, the onus is on distribution maintainers and sysadmins to push the updated packages. Okta recommends “upgrading your distribution’s OpenSSL packages immediately,” and that advice isn’t just for the security‑focused; it’s for anyone who can’t afford unexpected restarts.
How the Fix Works
Instead of allocating the full declared length up front, the new code validates the incoming payload size first. If the actual data is smaller than the header claim, the allocation is trimmed accordingly. That prevents the server from ever reserving more memory than it needs, and the worker thread no longer blocks waiting for phantom data.
Practical Mitigation Steps
Beyond upgrading OpenSSL, there are a few operational tricks you can apply today. First, enforce strict TLS termination at a reverse proxy that can limit the number of concurrent handshakes. Second, monitor process RSS for sudden spikes that aren’t tied to traffic volume—those are the tell‑tale signs of a HollowByte‑style attack. Third, consider using container orchestration health checks that automatically restart a pod if its memory usage crosses a threshold.
Don’t forget to audit your dependency chain. Even if you’re not directly linking OpenSSL, many language runtimes bundle it. Verify the version each runtime ships with, and patch accordingly. The original report makes it clear that the vulnerability is widespread, so a thorough inventory is the only way to be sure you’re not left exposed.
What This Means For You
If you run any service that terminates TLS traffic—whether it’s a web server, API gateway, or database—you need to verify your OpenSSL version today. That means checking the package manager, confirming the installed release, and rolling out the update if you’re on a vulnerable branch. Skipping this step could leave your servers vulnerable to a memory‑exhaustion attack that’s both cheap to launch and hard to detect.
For developers, the lesson is to treat allocation logic as a security boundary, not just a performance optimization. When you write code that parses length fields, always validate the actual payload before reserving memory. That habit will protect you from similar bugs in other libraries, not just OpenSSL.
Looking ahead, the industry will likely see more “low‑byte” DoS techniques that exploit allocation assumptions. As we harden the TLS stack, we’ll need to balance performance with strong input validation. Will future OpenSSL releases adopt more defensive defaults, or will the onus remain on operators to stay patched? Only.
Competitive Landscape
OpenSSL isn’t the only TLS implementation out there. Alternatives such as LibreSSL and BoringSSL also power many services. Those projects share a common code lineage, which means a design pattern that caused the HollowByte issue in OpenSSL could appear elsewhere if not reviewed. Vendors that ship their own cryptographic stacks often add custom memory‑management layers, and those layers inherit the same risk when they follow the “allocate‑first” model.
Because the flaw stems from a fundamental assumption about incoming data, any library that mirrors that logic could be exposed. That’s why security teams are scanning their entire software bill of materials, not just the OpenSSL package. The broader message is clear: a single vulnerable component can ripple through an ecosystem that depends on it.
Key Questions Remaining
- Will future OpenSSL releases automatically reject absurd length claims, or will they rely on external hardening?
- How quickly will major Linux distributions push the back‑ported patches to stable releases?
- Can runtime environments provide a safer default without sacrificing performance?
Answers will shape how quickly the community can move beyond this episode. Until then, vigilance is the best defense.
Sources: BleepingComputer, Okta Red Team advisory

