OpenSSL Fixes HollowByte Memory Exhaustion Bug
Overview
Okta has reported a new vulnerability in OpenSSL, dubbed HollowByte, which allows remote attackers to exploit a flaw that can lead to memory exhaustion on servers. This specific vulnerability is only 11 bytes long, and when exploited, it can cause a server to allocate up to 131 KB of memory. As a result, this could trigger denial-of-service attacks, rendering the affected servers unable to respond to legitimate requests. Organizations using affected versions of OpenSSL should prioritize patching this vulnerability to protect their systems from potential exploitation. The risk is significant, as attackers can exploit this flaw without needing authentication, making it easier for malicious actors to disrupt services.
Key Takeaways
- Affected Systems: OpenSSL
- Action Required: Patches for affected versions of OpenSSL should be applied as soon as they are available.
- Timeline: Newly disclosed
Original Article Summary
Okta disclosed HollowByte, an 11-byte OpenSSL flaw that lets remote attackers exhaust server memory and trigger denial-of-service attacks. Okta’s Red Team disclosed a denial-of-service vulnerability in OpenSSL they named HollowByte, and the attack payload is exactly 11 bytes. A remote, unauthenticated attacker sends that payload and the server allocates up to 131 KB of memory […]
Impact
OpenSSL
Exploitation Status
No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.
Timeline
Newly disclosed
Remediation
Patches for affected versions of OpenSSL should be applied as soon as they are available. Users are advised to monitor for updates from their vendors.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to Exploit, Vulnerability, Okta.