By Interestana AI Editorial — AI-drafted, human-overseen. How we report
HollowByte DDoS Flaw Exploits OpenSSL With 11-Byte Payload
A critical vulnerability named HollowByte was disclosed, enabling unauthenticated attackers to initiate a denial-of-service (DoS) attack against OpenSSL servers. This exploit leverages a minimal 11-byte malicious payload to trigger a memory exhaustion condition, effectively crashing the targeted server. The vulnerability specifically targets the handling of malformed Certificate Signing Request (CSR) messages within OpenSSL versions 3.0.0 through 3.0.13, 3.1.0 through 3.1.5, and 3.2.0.
Researchers at the cybersecurity firm Red Hat Product Security Team identified the flaw and reported that the exploit causes the OpenSSL server to consume an excessive amount of memory. This memory bloat is triggered by the server's attempt to process an invalid CSR, leading to a DoS state where the server becomes unresponsive. The simplicity of the attack, requiring only an 11-byte payload, makes it particularly dangerous and easy to deploy by malicious actors.
OpenSSL has released patches to address the HollowByte vulnerability. Users are strongly advised to update their OpenSSL installations to the latest versions to mitigate the risk of exploitation. The affected versions include OpenSSL 3.0.x up to 3.0.13, OpenSSL 3.1.x up to 3.1.5, and OpenSSL 3.2.0. The fix is integrated into OpenSSL 3.0.14, 3.1.6, and 3.2.1.
The disclosure of HollowByte highlights ongoing security challenges within widely used cryptographic libraries. OpenSSL is a foundational component for securing internet communications, underpinning protocols like TLS/SSL. The vulnerability's ease of exploitation and its impact on server availability underscore the importance of continuous security auditing and prompt patching of critical infrastructure software.
Original source — read the full reporting at the publisher:
Read on BleepingComputerGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.