Vulnerability Management18 July 2026
OpenSSL's HollowByte DoS Flaw Shipped With No CVE — Here's Why That Matters
An 11-byte TLS handshake header can lock up hundreds of megabytes of server memory before authentication even starts. OpenSSL fixed it in June 2026 without a CVE, an advisory, or a changelog entry.
openssldenial-of-servicevulnerability-management