Is DLP affected by CVE-2022-37454?
search cancel

Is DLP affected by CVE-2022-37454?


Article ID: 253601


Updated On:


Data Loss Prevention


Are DLP services affected by CVE-2022-37454?


Release : 15.8+


DLP doesn't use SHA-3, nor does it use the "Keccak XKCP" implementation that is vulnerable. So DLP is not affected by this vulnerability. 

Additional Information:

CVE-2022-37454 should not impact any of our products for two reasons:

       (a) the issue exists in the "reference-implementation" of SHA-3, called "Keccak XKCP." It is highly unlikely for a reference implementation to be used in practice (OpenSSL, for example, does not use it), and

       (b) SHA-3 is not as widely adopted even though it has been around for a while since SHA-2 is adequate for all practical purposes.