OpenSSL - Pending Vulnerability Announcement

Incident
01 November 2022, 17:09 UTC

OpenSSL - Pending Vulnerability Announcement

Status: closed
Start: 28 October 2022, 19:48 UTC
End: 01 November 2022, 17:09 UTC
Duration: 3 days 21 hours 21 minutes
Affected Components:
Platform North America Europe Asia South America Oceania Africa Amsterdam (AMS) Adelaide (ADL) Bangkok (BKK) Bogota (BOG) Cape Town (CPT) Chennai (MAA) Brussels (BRU) Auckland (AKL) Buenos Aires (EZE) Ghana (ACC) Ashburn (IAD) Copenhagen (CPH) Brisbane (BNE) Curitiba (CWB) Johannesburg (JNB) Dublin (DUB) Christchurch (CHC) Dubai (DXB) Fortaleza (FOR) Frankfurt (FRA) Fujairah (FJR) Melbourne (MEL) Lima (LIM) Hyderabad (HYD) Frankfurt (HHN) Perth (PER) Rio de Janeiro (GIG) Atlanta (PDK) Helsinki (HEL) Hong Kong (HKG) Sydney (SYD) Santiago (SCL) Boston (BOS) Kolkata (CCU) London (LCY) Wellington (WLG) Sāo Paulo (CGH) Calgary (YYC) London (LON) Kuala Lumpur (KUL) Chicago (CHI) Sao Paulo (GRU) London (LHR) Manila (MNL) Mumbai (BOM) Lisbon (LIS) New Delhi (DEL) Madrid (MAD) Manchester (MAN) Osaka (ITM) Marseille (MRS) Seoul (ICN) Milan (LIN) Singapore (QPG) Milan (MXP) Columbus (CMH) Oslo (OSL) Columbus (LCK) Munich (MUC) Palermo (PMO) Tokyo (HND) Dallas (DFW) Tokyo (NRT) Denver (DEN) Rome (FCO) Detroit (DTW) Sofia (SOF) Tokyo (TYO) Gainesville (GNV) Stockholm (BMA) Honolulu (HNL) Houston (IAH) Vienna (VIE) Kansas City (MCI) Los Angeles (BUR) Miami (MIA) Minneapolis (MSP) Minneapolis (STP) Montreal (YUL) Newark (EWR) New York (LGA) Palo Alto (PAO) Phoenix (PHX) Portland (PDX) San Jose (SJC) Seattle (BFI) St. Louis (STL) Toronto (YYZ) Vancouver (YVR)
Affected Groups:
All Public Users
Investigating

28 October 2022, 19:48 UTC

28 October 2022, 19:48 UTC

Fastly is aware of an expected critical vulnerability the OpenSSL project is expected to disclose in the near future. We are studying the currently available information surrounding this vulnerability and do not currently believe that Fastly is vulnerable. We will continue to monitor as additional information is released and will provide our customers with more information as available.

Resolved

01 November 2022, 17:09 UTC

01 November 2022, 17:09 UTC

Fastly has reviewed the initial notification from OpenSSL regarding CVE-2022-3786 and CVE-2022-3602. We have analyzed the versions of OpenSSL in use at Fastly, and verified that we do not use OpenSSL 3.x. Fastly and customer usage of Fastly services are not vulnerable to CVE-2022-3786 or CVE-2022-3602.