So Open SSL announced that they are going to release details of a Critical OpenSSL vulnerability that affects versions 3.0.0 to 3.0.6. There is rumbling that this vulnerability may be a major deal likened to the everyone's favorite CVE of 2014, heartbleed.
Open SSL will be releasing their patch/update Tuesday 1st November 2022 between 1300-1700 UTC
But unlike heartbleed this OpenSSL vulnerability might not have the same impact to security and network infrastructure that heartbleed had. So far most security and network infrastructure companies are looking ok. As you would expect many of these companies don't run the most bleeding edge versions of open source libraries for this very reason. Also many times stability and security take president over new features.
What I wanted to do is put links to OSS (Open Source Software) lists that are used in different vendors platforms. I started out hopeful but for many of the companies it is very difficult to find. I will post hem as i run across them.
Cisco - https://www.cisco.com/c/en/us/about/legal/open-source-documentation-responsive.html
Palo Alto Networks - https://docs.paloaltonetworks.com/oss-listings/pan-os-oss-listings
Juniper -
Fortinet -
Aruba -
Arista -
Extreme Networks -
Checkpoint -
F5 -
Citrix ADC -