OpenSSL HollowByte Flaw Lets Attackers Drain Server Memory With an 11-Byte Request


A denial-of-service vulnerability called HollowByte can allow an unauthenticated attacker to consume substantial server memory by sending an incomplete TLS request containing as little as 11 bytes.

The Okta Red Team, which discovered the issue, found that affected OpenSSL versions allocate memory based on a size declared by the attacker before receiving the complete TLS handshake message.

Repeated requests can increase memory use, occupy connections and eventually make an exposed service unresponsive. On Linux systems using glibc, memory fragmentation can amplify the impact because the allocator may retain freed memory instead of returning it immediately to the operating system.

How the OpenSSL HollowByte attack works

A TLS connection begins with a record header followed by handshake data. The TLS record header is 5 bytes long, while each handshake message starts with a separate 4-byte header that includes a 3-byte length field.

An attacker can declare a large handshake message in this header but send only a small part of it. Older OpenSSL code may expand its initial receive buffer according to the declared length before the rest of the message arrives.

The OpenSSL correction for the main and 4.0 branches changed this behavior. OpenSSL now grows the buffer incrementally as it receives data rather than allocating the full advertised amount in advance.

Attack stageWhat happens
Connection beginsThe attacker opens a connection to a service that accepts TLS traffic.
Length is declaredA crafted handshake header claims that a much larger message will follow.
Buffer expandsAn affected OpenSSL build allocates memory based on the declared length.
Data stopsThe attacker withholds the remaining handshake data, leaving the connection incomplete.
Attack repeatsMany requests consume connections and create memory pressure on the server.

Memory fragmentation can increase the damage

A single HollowByte connection can cause an affected process to reserve up to roughly 131 KB, according to the researchers. That amount may appear small, but an attacker can create many connections while sending very little data.

Closing those connections does not guarantee an immediate reduction in the processโ€™s resident memory. On systems using glibc, the allocator can keep freed memory available for future allocations instead of returning it directly to the operating system.

The HollowByte research found that varying the requested allocation sizes made memory reuse less efficient. This produced fragmentation and allowed the processโ€™s resident set size, or RSS, to remain high after attack connections closed.

  • In a test environment with 1 GB of RAM, the affected server accumulated about 547 MB of retained memory before the operating system terminated it.
  • In a 16 GB environment, the attack tied up approximately 25% of system memory without exceeding the configured connection ceiling.
  • Restarting the affected process released memory that the allocator had retained during testing.

Connection limits may not fully stop HollowByte

HollowByte shares some characteristics with slow-connection attacks, but it adds a memory allocation component. Traditional connection limits can reduce exposure, yet they may not stop an attacker from creating damaging memory pressure below those limits.

TLS handshake timeouts, per-IP connection limits and reverse proxies can make exploitation harder. Administrators should treat these controls as additional protection, not as substitutes for installing a corrected OpenSSL version.

Attack impact will vary according to the application, operating system, allocator, worker model, resource limits and TLS timeout settings. The issue does not guarantee that every OpenSSL-based service will crash after receiving a single 11-byte request.

Which OpenSSL versions contain the fix?

OpenSSL included the correction in updates released on June 9, 2026. The projectโ€™s official release and advisory timeline confirms that OpenSSL 4.0.1, 3.6.3, 3.5.7, 3.4.6 and 3.0.21 arrived on that date.

OpenSSL branchVersion containing the HollowByte fix
4.04.0.1
3.63.6.3
3.53.5.7
3.43.4.6
3.03.0.21

The project implemented the change through pull requests covering different supported branches. The incremental buffer allocation patch covers the main and OpenSSL 4.0 code, while related backports address the 3.x branches.

OpenSSL did not assign HollowByte a CVE identifier or identify it as a separate vulnerability in the June security advisory. Its absence from CVE-based scanners means administrators should check package versions directly rather than relying only on vulnerability alerts.

What server administrators should do

Organizations should upgrade to a fixed OpenSSL release supplied by their operating system or software vendor. After installing the update, administrators must restart services that loaded the old OpenSSL library into memory.

The official OpenSSL release timeline can help teams confirm the upstream release dates, but vendor package numbers may differ. Linux distributions often backport security corrections without adopting the same upstream version number.

  • Inventory internet-facing services that terminate TLS connections.
  • Check both dynamically linked and bundled OpenSSL copies.
  • Update to OpenSSL 4.0.1, 3.6.3, 3.5.7, 3.4.6 or 3.0.21, as appropriate.
  • Ask the vendor whether its package includes the HollowByte incremental buffer allocation patch.
  • Restart web servers, proxies, databases and application runtimes after patching.
  • Monitor RSS growth, incomplete TLS handshakes and unusual connection patterns.
  • Apply sensible handshake timeouts and per-client connection limits as additional safeguards.

Administrators should also inspect applications that bundle their own cryptographic libraries. Updating the operating systemโ€™s OpenSSL package will not replace a private copy embedded in a container, appliance, runtime or statically linked application.

FAQ

What is the OpenSSL HollowByte vulnerability?

HollowByte is a denial-of-service issue in which affected OpenSSL versions allocate memory according to an attacker-controlled TLS handshake length before receiving the complete message. Repeated incomplete requests can consume connections and create severe memory pressure.

Can HollowByte crash a server with only 11 bytes?

An 11-byte request can trigger a disproportionate allocation on an affected service, but one request does not necessarily crash the server. An attacker would generally repeat the request across many connections to exhaust resources or make the service unavailable.

Which OpenSSL versions fix HollowByte?

The fix appears in OpenSSL 4.0.1, 3.6.3, 3.5.7, 3.4.6 and 3.0.21. Vendors may also backport the correction to packages with different version numbers.

Does HollowByte have a CVE number?

No CVE identifier had been assigned to HollowByte at the time of disclosure. OpenSSL included the correction as a hardening change without listing HollowByte as a separate issue in its June 2026 security advisory.

How can administrators protect servers from HollowByte?

Administrators should install a vendor package containing the fix, restart affected services and verify bundled OpenSSL copies separately. Handshake timeouts, connection limits and memory monitoring can provide additional protection but do not replace patching.

Readers help support VPNCentral. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more

User forum

0 messages