|CVE-2022-2097||3.0.0-3.0.4 and 1.1.1-1.1.1p|
The openssl version in F5 does not seem to be affected by these vulnerabilities.
[root@f5:Active:Standalone] config # openssl version OpenSSL 1.0.2u-fips 20 Dec 2019
OpenSSL Security Advisory [5 July 2022] ======================================= Heap memory corruption with RSA private key operation (CVE-2022-2274) ===================================================================== ... OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. ... AES OCB fails to encrypt some bytes (CVE-2022-2097) =================================================== ... This issue affects versions 1.1.1 and 3.0. It was addressed in the releases of 1.1.1q and 3.0.5 on the 5th July 2022. ...
Thanks for the info.