Forum Discussion
neeeewbie
Jul 07, 2022MVP
Is f5 vulnerable to cve-2022-2274 / 2022-2097?
Hi
we got new CVE
Is f5 vulnerable to cve-2022-2274 / 2022-2097?
thank you
Jul 07, 2022
Hi neeeewbie,
ID | Affected Versions |
CVE-2022-2274 | 3.0.4 |
CVE-2022-2097 | 3.0.0-3.0.4 and 1.1.1-1.1.1p |
The openssl version in F5 does not seem to be affected by these vulnerabilities.
[root@f5:Active:Standalone] config # openssl version
OpenSSL 1.0.2u-fips 20 Dec 2019
- neeeewbieJul 07, 2022MVP
thanks for your kind attention
I saw this document
but Development of versions prior to 1.1.0 is discontinued
our device using 1.0.2. so I curious
is 1.0.2 version safe from this vulnerable?
- Jul 07, 2022
Hi neeeewbie,
OpenSSL Security Advisory [5 July 2022] ======================================= Heap memory corruption with RSA private key operation (CVE-2022-2274) ===================================================================== ... OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. ... AES OCB fails to encrypt some bytes (CVE-2022-2097) =================================================== ... This issue affects versions 1.1.1 and 3.0. It was addressed in the releases of 1.1.1q and 3.0.5 on the 5th July 2022. ...
- neeeewbieJul 07, 2022MVP
thank you!
I saw this news.
this openssl vesion safe from 2274
do you know f5 safe from 2097?
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects