BleepingComputerSaturday · July 18, 2026FREE

HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload

opensslddosvulnerabilitysecurity

A security vulnerability dubbed HollowByte has been discovered in OpenSSL, enabling a DDoS attack that amplifies traffic by exploiting server memory. Attackers can send a minimal 11-byte payload that triggers disproportionate memory allocation on the target server, effectively bloating its memory usage. This amplification factor allows a small attack to overwhelm server resources, leading to a denial-of-service condition. The flaw specifically targets OpenSSL implementations, and the attack leverages the protocol's handling of certain handshake messages. While the exact OpenSSL versions affected are not specified in the source, the vulnerability poses a significant threat to servers relying on this widely-used cryptographic library. The discovery highlights ongoing challenges in securing network infrastructure against amplification attacks.

// why it matters

Developers using OpenSSL should be aware of a new DDoS amplification vector that can exhaust server memory with minimal attacker effort.

Sources

Primary · BleepingComputerMirror · The Hacker News
▸ Read original at bleepingcomputer.com

Like this? Get the next digest.

HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload — aigest.dev