OpenSSL have published a security advisory. Here's how it affects BoringSSL:
| CVE | Summary | Severity in OpenSSL | Impact to BoringSSL |
|---|---|---|---|
| CVE-2019-1559 | 0-byte record padding oracle | Moderate | Not affected. CBC decoding is encapsulated in the AEAD interface and doesn’t interact with the TLS state machine. |
Not mentioned in the security advisory, but included in the source update, is a fix to bn_cmp_words found by ChromeOS fuzzing. The arithmetic issue appears to be harmless but, when triggered, this causes the bigint code to read one word before the start of a malloced buffer. With OpenSSL this may cause a crash if the malloced buffer starts at a page boundary and the previous page isn’t readable.
In BoringSSL, this erroneous path was reachable for about a day on our main branch, in January 2018. However in BoringSSL the prior word will be the length of the buffer so this is harmless. The issue was independently fixed in BoringSSL, when other side channel work removed bn_cmp_words altogether.