F5:K22334603
Mar 25, 2016 - 12:00 a.m.

K22334603 : OpenSSL vulnerability CVE-2016-0799

2016-03-25 00:00:00
my.f5.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 10 High
Confidence: High

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.769 High
Percentile: 97.9%

Security Advisory Description

The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. (CVE-2016-0799)

Impact

ARX, FirePass, LineRate, F5 WebSafe, and Traffix SDC
There is no impact. These F5 products are not affected by this vulnerability.

BIG-IP, BIG-IQ, F5 iWorkflow, and Enterprise Manager
In default configurations, there is no impact. This vulnerability is only exposed if custom monitors that call external scripts are used, and the external scripts call the vulnerable OpenSSL functions, either through the OpenSSL command-line utilities or through language wrappers that call the OpenSSL libraries. For CVE-2016-0799, the OpenSSL functions concerned are those that parse ASN.1 data and return it in a human-readable format (for example, openssl asn1parse), and exposure requires that the external monitor handles untrusted ASN.1 data. Built-in Secure Sockets Layer (SSL) monitors, such as HTTPS monitors, are not affected by this vulnerability.
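
A first-pass triage for the exposure condition described above, as an added example that is not F5's or OpenSSL's code: it checks a version string against the fixed releases named in the description (1.0.1s, 1.0.2g) and lists the openssl command-line calls in a monitor script. The function names and the sample script are constructed for illustration; a vendor build that backports the fix keeps its old version string, so a match means the script needs review, not that it is vulnerable.

```python
import re

# Fixed releases named in the advisory text: 1.0.1s and 1.0.2g.
FIXED = {"1.0.1": "s", "1.0.2": "g"}
OPENSSL_CALL = re.compile(r"\bopenssl\s+([a-z0-9_]+)")

def is_affected(version):
    """True if an upstream OpenSSL version is in the advisory's affected range.

    Accepts "1.0.1r" or full `openssl version` output. Vendor builds that
    backport fixes keep the old string, so treat True as "needs checking".
    """
    m = re.search(r"(\d+\.\d+\.\d+)([a-z]*)", version)
    if not m:
        raise ValueError(f"no OpenSSL version found in {version!r}")
    branch, patch = m.groups()
    fixed = FIXED.get(branch)
    if fixed is None:
        return False  # branch not named in the advisory text
    # Patch letters run a..z, then za, zb, ...: compare length before letters.
    return (len(patch), patch) < (len(fixed), fixed)

def openssl_calls(script_text):
    """Return (line_number, subcommand) for each openssl CLI call in a script."""
    hits = []
    for n, line in enumerate(script_text.splitlines(), 1):
        code = line.split("#", 1)[0]  # crude comment strip; enough for a first pass
        hits += [(n, m.group(1)) for m in OPENSSL_CALL.finditer(code)]
    return hits

def review(version, script_text):
    """Calls worth a manual look: only reported when the version is in range."""
    return openssl_calls(script_text) if is_affected(version) else []

# Constructed sample of an external monitor script (not from the advisory).
SAMPLE_MONITOR = """#!/bin/sh
# health check (constructed)
der=$(echo | openssl s_client -connect "$1:$2" 2>/dev/null | openssl x509 -outform DER | base64)
echo "$der" | base64 -d | openssl asn1parse -inform DER >/dev/null && echo up
"""

if __name__ == "__main__":
    # Sample version strings, one inside the affected range and one fixed.
    for ver in ("OpenSSL 1.0.2f 28 Jan 2016", "1.0.2g"):
        print(ver, "->", review(ver, SAMPLE_MONITOR))
```

Of the calls it reports, asn1parse is the one the advisory names; whether the data it parses is untrusted still has to be judged per script.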
