Description
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050)
Impact
None. F5 products are not affected by this vulnerability.
Status
F5 Product Development has assigned ID 376840 (BIG-IP and Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, BIG-IP iHealth may list Heuristic H470536 on the Diagnostics> Identified> Mediumscreen.
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:
Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature |
---|---|---|---|
BIG-IP LTM | None | 11.0.0 - 11.5.1 | |
10.0.0 - 10.2.4 | None | ||
BIG-IP AAM | None | 11.4.0 - 11.5.1 | None |
BIG-IP AFM | None | 11.3.0 - 11.5.1 | None |
BIG-IP Analytics | None | 11.0.0 - 11.5.1 | None |
BIG-IP APM | None | 11.0.0 - 11.5.1 | |
10.1.0 - 10.2.4 | None | ||
BIG-IP ASM | None | 11.0.0 - 11.5.1 | |
10.0.0 - 10.2.4 | None | ||
BIG-IP Edge Gateway | |||
None | 11.0.0 - 11.3.0 | ||
10.1.0 - 10.2.4 | None | ||
BIG-IP GTM | None | 11.0.0 - 11.5.1 | |
10.0.0 - 10.2.4 | None | ||
BIG-IP Link Controller | None | 11.0.0 - 11.5.1 | |
10.0.0 - 10.2.4 | None | ||
BIG-IP PEM | None | 11.3.0 - 11.5.1 | None |
BIG-IP PSM | None | 11.0.0 - 11.4.1 | |
10.0.0 - 10.2.4 | None | ||
BIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 | |
10.0.0 - 10.2.4 | None | ||
BIG-IP WOM | None | 11.0.0 - 11.3.0 | |
10.0.0 - 10.2.4 | None | ||
ARX | None | 6.0.0 - 6.4.0 | None |
Enterprise Manager | None | 3.0.0 - 3.1.1 | |
2.1.0 - 2.3.0 | None | ||
FirePass | None | 7.0.0 | |
6.0.0 - 6.1.0 | None | ||
BIG-IQ Cloud | None | 4.0.0 - 4.3.0 | None |
BIG-IQ Device | None | 4.2.0 - 4.3.0 | None |
BIG-IQ Security | None | 4.0.0 - 4.3.0 | None |
Recommended Action
None
Supplemental Information