Are DLP services affected by CVE-2022-37454?
Release : 15.8+
DLP doesn't use SHA-3, nor does it use the "Keccak XKCP" implementation that is vulnerable. So DLP is not affected by this vulnerability.
CVE-2022-37454 should not impact any of our products for two reasons:
(a) the issue exists in the "reference-implementation" of SHA-3, called "Keccak XKCP." It is highly unlikely for a reference implementation to be used in practice (OpenSSL, for example, does not use it), and
(b) SHA-3 is not as widely adopted even though it has been around for a while since SHA-2 is adequate for all practical purposes.