Oct 13, 2017 - 12:00 a.m.

K21462542 : OpenSSL vulnerability CVE-2017-3735

my.f5.com

AI Score: 6.2 Medium (Confidence: High)

EPSS: 0.028 Low (Percentile: 90.7%)

Security Advisory Description

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then. (CVE-2017-3735)
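
The length check this class of bug calls for, as an added example that is not OpenSSL or F5 code. It assumes the RFC 3779 encoding of addressFamily (a two-octet AFI optionally followed by a one-octet SAFI); the names parse_address_family, afi_name and struct addr_family are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result type for this example; not an OpenSSL structure. */
struct addr_family {
    uint16_t afi;      /* Address Family Identifier: 1 = IPv4, 2 = IPv6 */
    int has_safi;      /* 1 when the optional SAFI octet is present */
    uint8_t safi;
};

/* Parse the contents of an addressFamily OCTET STRING (RFC 3779: SIZE 2..3).
 * Returns 0 on success, -1 when the encoding is malformed. */
int parse_address_family(const uint8_t *data, size_t len, struct addr_family *out)
{
    if (data == NULL || out == NULL)
        return -1;
    /* Without this length check, a one-octet value makes data[1] a read
     * one byte past the end of the buffer. */
    if (len < 2 || len > 3)
        return -1;
    out->afi = (uint16_t)((data[0] << 8) | data[1]);
    out->has_safi = (len == 3);
    out->safi = out->has_safi ? data[2] : 0;
    return 0;
}

/* Label used when printing; unknown values are reported, not guessed. */
const char *afi_name(uint16_t afi)
{
    switch (afi) {
    case 1:  return "IPv4";
    case 2:  return "IPv6";
    default: return "Unknown AFI";
    }
}

int main(void)
{
    /* Constructed samples: a valid IPv4 AFI and a truncated value. */
    static const uint8_t ok[] = { 0x00, 0x01 };
    static const uint8_t truncated[] = { 0x00 };
    struct addr_family af;
    if (parse_address_family(ok, sizeof ok, &af) == 0)
        printf("%s\n", afi_name(af.afi));
    if (parse_address_family(truncated, sizeof truncated, &af) != 0)
        printf("rejected truncated addressFamily\n");
    return 0;
}
```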

Impact

Authorized users may see a malformed display of X.509 objects if the malformed certificate is installed. The malformed display will not affect the operation of the system. You must be an administrator on the system to install certificates or view certificate details.

The BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow products include the vulnerable OpenSSL library. However, in the default, standard, and recommended configurations, the system does not display certificate properties to users who are not authenticated.