MUMBAI, INDIA: Array Networks Inc., a global leader in application delivery networking, announced that Array Networks products are NOT exposed to the OpenSSL Heartbleed vulnerability.
Unlike hardware and software vendors who have integrated OpenSSL into their core product and service offerings, Array is unaffected because the company uses a proprietary SSL stack to process SSL, TLS and DTLS service traffic.
As described on the Common Vulnerabilities and Exposures Website, the TLS and DTLS implementations in OpenSSL 1.0.1, before 1.0.1g, do not properly handle Heartbeat Extension packets which allow remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Array products - including APV, vAPV, AG, vxAG and EOS products (TMX, SPX) - use the company's proprietary SSL stack to process all SSL, TLS and DTLS service traffic. Therefore, service traffic on Array products is not affected by this OpenSSL Heartbleed vulnerability.